Technical Tip: Fortinet SD-WAN Remote SLAs

stroia · 10-10-2025

Description This article describes the reason of CPU's cores Spikes after a configuration change and how to manage undesirable side effects, in a High Level FortiGate with a huge number of firewall policies Scope FortiGate and FortiProxy Solution For...

stroia · 08-19-2025

Description This article describes how to prevent traffic being sent over an undesired SD-WAN member after an undesired SD-WAN rule match. Scope FortiGate. Solution In the Fortinet SD-WAN implementation, the same type of traffic could be matched by d...

stroia · 02-12-2025

Description This article describes Fortinet SD-WAN Remote SLAs and is divided into 2 parts: First part: How Remote SLAs work. Second part: Remote SLA Troubleshooting guide. Scope FortiGate. Solution How Remote SLAs work. Performance SLAs (Health-Chec...

stroia · 01-22-2025

Description This article describes how to choose the SD-WAN member to steer the BGP traffic from an SD-WAN Spoke to the Hub. Scope FortiGate. Solution When using a Fortinet SD-WAN Hub and Spokes deployment with BGP on loopback and over SD-WAN members...

stroia · 10-31-2024

Description This article describes how FortiGates manages ICMP Type 3 packets, not locally generated. Scope FortiGate. Solution ICMP (Internet Control Message Protocol) is a protocol used by devices running IPv4, to transfer information regarding the...

stroia · 01-21-2025

No, BGP traffic is considered local traffic so is not managed by SD-WAN rules, I suggest to remove the add route option from IPSec configuration https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-add-automatic-route-towards-the-remote/t...

stroia · 01-20-2025

Hello, Regarding you question have you created necessary firewall policy to permit the traffic between the loopback interface and the SD-WAN rule as explained here https://docs.fortinet.com/document/fortigate/7.6.1/administration-guide/853005/loopbac...

User Statistics

User Activity

Troubleshooting Tip: CPU Spikes after a configuration change

Technical Tip: How to avoid that a a specific traffic is matched by the wrong SD-WAN rule