Skip to Content

Solved: SD-WAN rule in manual mode and Performance SLA

This article describes the behavior of the SD-WAN rules configured in manual mode when the performance SLA for the interface is failing.


If all health-check is indicating that an interface is dead, even if it is used in manual mode, this SD-WAN rule will be void.

# config system sdwan
set status enable
config zone
edit "virtual-wan-link"

# config members
edit 1
set interface "port9"
set gateway

# config health-check
edit "sla"
set server ""
set update-static-route disable
set members 1

# config service
edit 1
set name "rule"
set dst ""
set priority-members 1

When the SLA is failing the interface is marked as dead.

FortiGate-1000D # di sys sdwan health-check
Health Check(sla):
Seq(1 port9): state(dead), packet-loss(45.000%) sla_map=0x0

The rule is disabled:

FortiGate-1000D # diagnose sys sdwan service

Service(1): Address Mode(IPV4) flags=0x200
Gen(2), TOS(0x0/0x0), Protocol(0: 1->65535), Mode(manual)
Service disabled caused by no outgoing path. <-----
1: Seq_num(1 port9), dead
Dst address(1):

To avoid this behavior in case the configured SLA is used in a different rule and to have the manual rule to be matched, it is possible to configure an SLA which will monitor different servers and will still be up.

This behavior can cause issues when there are multiple rules and in some of them, SLA is configured.

But it is also necessary to have rules in manual mode which need to be always matched. Example: in order to tag the traffic.

    Ads Blocker Image Powered by Code Help Pro

    Your Support Matters...

    We run an independent site that\'s committed to delivering valuable content, but it comes with its challenges. Many of our readers use ad blockers, causing our advertising revenue to decline. Unlike some websites, we haven\'t implemented paywalls to restrict access. Your support can make a significant difference. If you find this website useful and choose to support us, it would greatly secure our future. We appreciate your help. If you\'re currently using an ad blocker, please consider disabling it for our site. Thank you for your understanding and support.