This article describes how to add an SLA target to an existing Health Check. Use this SLA target on another SD-WAN rule.
Scope
FortiGate v7.0, v7.2, v7.4.
Solution
SD-WAN Performance SLA:
SD-WAN Rule:
CLI Configuration:
config system sdwan set status enable config zone edit "sdwan-dc100" next end config members edit 101 set interface "advpn101" set zone "sdwan-dc100" set source 10.136.32.16 next edit 102 set interface "advpn102" set zone "sdwan-dc100" set source 10.136.32.16 next edit 104 set interface "advpn104" set zone "sdwan-dc100" next end config health-check edit "SLA_DC100" set server "10.136.64.1" set embed-measured-health enable set members 101 102 config sla edit 1 set latency-threshold 55 set jitter-threshold 20 set packetloss-threshold 1 next end next end config service edit 2 set name "SLA2" set mode sla set dst "192.168.2.22" set src "192.168.1.11" config sla edit "SLA_DC100" set id 1 next end set priority-zone "sdwan-dc100" next edit 1 set name "Original" set mode sla set dst "Corporate_subnets" set src "Corporate_subnets" config sla edit "SLA_DC100" set id 1 next end set priority-zone "sdwan-dc100" next end end
Add SLA target on Health check SLA_DC100 via CLI:
FGT-SDW-1 (health-check) # edit SLA_DC100 FGT-SDW-1 (SLA_DC100) # config sla FGT-SDW-1 (sla) # edit 2 new entry '2' added FGT-SDW-1 (2) # set latency-threshold 100 FGT-SDW-1 (2) # set jitter-threshold 30 FGT-SDW-1 (2) # set packetloss-threshold 5 FGT-SDW-1 (2) # end FGT-SDW-1 (SLA_DC100) # end FGT-SDW-1 (sdwan) # end
GUI will show the 2nd SLA Target:
It is now possible to use it on another SD-WAN Policy
