Skip to Content

How to add SLA target to existing Health Check

This article describes how to add an SLA target to an existing Health Check. Use this SLA target on another SD-WAN rule.

Scope

FortiGate v7.0, v7.2, v7.4.

Solution

SD-WAN Performance SLA:

SD-WAN Performance SLA.

SD-WAN Rule:

SD-WAN Rule.

CLI Configuration:

config system sdwan
set status enable
config zone
edit "sdwan-dc100"
next
end

config members
edit 101
set interface "advpn101"
set zone "sdwan-dc100"
set source 10.136.32.16
next
edit 102
set interface "advpn102"
set zone "sdwan-dc100"
set source 10.136.32.16
next
edit 104
set interface "advpn104"
set zone "sdwan-dc100"
next
end

config health-check
edit "SLA_DC100"
set server "10.136.64.1"
set embed-measured-health enable
set members 101 102
config sla
edit 1
set latency-threshold 55
set jitter-threshold 20
set packetloss-threshold 1
next
end
next
end

config service
edit 2
set name "SLA2"
set mode sla
set dst "192.168.2.22"
set src "192.168.1.11"
config sla
edit "SLA_DC100"
set id 1
next
end
set priority-zone "sdwan-dc100"
next
edit 1
set name "Original"
set mode sla
set dst "Corporate_subnets"
set src "Corporate_subnets"
config sla
edit "SLA_DC100"
set id 1
next
end
set priority-zone "sdwan-dc100"
next
end
end

Add SLA target on Health check SLA_DC100 via CLI:

FGT-SDW-1 (health-check) # edit SLA_DC100
FGT-SDW-1 (SLA_DC100) # config sla
FGT-SDW-1 (sla) # edit 2
new entry '2' added
FGT-SDW-1 (2) # set latency-threshold 100
FGT-SDW-1 (2) # set jitter-threshold 30
FGT-SDW-1 (2) # set packetloss-threshold 5
FGT-SDW-1 (2) # end
FGT-SDW-1 (SLA_DC100) # end
FGT-SDW-1 (sdwan) # end

GUI will show the 2nd SLA Target:

GUI will show the 2nd SLA Target:

It is now possible to use it on another SD-WAN Policy

It is now possible to use it on another SD-WAN Policy

It is now possible to use it on another SD-WAN Policy 2