May be helpful to see how you have configured performance SLA (at least the IPs), and what sniffer command you use to capture the traffic. Routing table may also help see the problem (if the SLA check traffic is sent on the correct interface): get router info routing-table detail x.x.x.x (use the IP used for SLA check)
TRA-FW-01 (LO_TRA_SLA_TS) $ show
config health-check
    edit "LO_TRA_SLA_TS"
        set server "172.20.243.243"
        set interval 2000
        set probe-timeout 2000
        set update-static-route disable
        set members 21 22 29
        config sla
            edit 1
                set latency-threshold 2000
                set jitter-threshold 500
                set packetloss-threshold 1
Tunnel interface 172.20.243.78 on HQ site
Perf SLA on the Branch
edit "PING TRA"
    set server "172.20.243.254"
    set interval 2000
    set probe-timeout 2000
    set update-static-route disable
    set members 1 6 8
    config sla
        edit 1
            set latency-threshold 2000
            set jitter-threshold 500
            set packetloss-threshold 1
172.20.243.77 Tunnel IF on the Branch
sniffer command <depends on the site, of course>
dia sniffer packet any "host 172.20.243.254 and icmp" 4
172.20.243.243: no entry on the HQ site (but is this necessary?)
On the Branch site I see routing information over OSPF from the HQ site for the loopback - but from the GRE interface
Looks odd. 172.20.243.243 is a loopback interface IP on the branch side, right? Then it's showing "Known via static (route)" at the HQ BEFORE you put a static route. The oddest is it also shows "directly connected, TRA-TS-BACK2", which is your tunnel interface.
Do you happen to have an unused VIP config or something on the HQ FGT referring to this IP?
Hello, the topic is possibly solved - not finally tested - but we are a step further.
The issue is addressed in the new version 7.0.4, which will be published soon. I was in contact with tech support.
We solved the issue by additionally adding a specific phase2 configuration on the HQ site (for the dialup connection) to address the local networks and the loopback on the remote site. After this the Perf SLA came up.
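As an added illustration of the fix reported above (not code from the thread or from Fortinet), this Python check tests whether a performance SLA probe falls inside any phase2 selector pair. The LAN subnets, the selector lists and the assumption that the HQ probe is sourced from the tunnel interface IP are constructed for the example; only the two 172.20.243.x addresses come from the thread.

```python
import ipaddress


def selector_matches(selector, src, dst):
    """True when a probe src -> dst falls inside one (local, remote) phase2 selector."""
    local, remote = (ipaddress.ip_network(n) for n in selector)
    return ipaddress.ip_address(src) in local and ipaddress.ip_address(dst) in remote


def uncovered_probes(selectors, probes):
    """Return the probes that no phase2 selector covers."""
    return [
        p for p in probes
        if not any(selector_matches(s, p["src"], p["dst"]) for s in selectors)
    ]


# Health check from the thread: HQ probes the loopback 172.20.243.243.
# Assumption: the probe leaves with the HQ tunnel interface IP as source.
HQ_PROBE = {"name": "LO_TRA_SLA_TS", "src": "172.20.243.78", "dst": "172.20.243.243"}

# Constructed selectors: LAN-to-LAN only (documentation ranges, not from the thread).
BEFORE = [("192.0.2.0/24", "198.51.100.0/24")]

# Constructed selectors after adding an entry for the remote loopback.
AFTER = BEFORE + [("172.20.243.78/32", "172.20.243.243/32")]


if __name__ == "__main__":
    for label, selectors in (("before", BEFORE), ("after", AFTER)):
        missing = uncovered_probes(selectors, [HQ_PROBE])
        names = [p["name"] for p in missing] or "none"
        print(f"{label}: probes outside every phase2 selector -> {names}")
```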