CLI Reference

system virtual-wan-link

Configure redundant internet connections using SD-WAN (formerly virtual WAN link).

  config system virtual-wan-link
      Description: Configure redundant internet connections using SD-WAN (formerly virtual WAN link).
      set status [disable|enable]
      set load-balance-mode [source-ip-based|weight-based|...]
      set neighbor-hold-down [enable|disable]
      set neighbor-hold-down-time {integer}
      set neighbor-hold-boot-time {integer}
      set fail-detect [enable|disable]
      set fail-alert-interfaces <name1>, <name2>, ...
      config zone
          Description: Configure SD-WAN zones.
          edit <name>

          next
      end
      config members
          Description: FortiGate interfaces added to the virtual-wan-link.
          edit <seq-num>
              set interface {string}
              set gateway {ipv4-address}
              set source {ipv4-address}
              set gateway6 {ipv6-address}
              set source6 {ipv6-address}
              set cost {integer}
              set weight {integer}
              set priority {integer}
              set spillover-threshold {integer}
              set ingress-spillover-threshold {integer}
              set volume-ratio {integer}
              set status [disable|enable]
              set comment {var-string}
          next
      end
      config health-check
          Description: SD-WAN status checking or health checking. Identify a server on the Internet and determine how SD-WAN verifies that the FortiGate can communicate with it.
          edit <name>
              set probe-packets [disable|enable]
              set addr-mode [ipv4|ipv6]
              set server {string}
              set protocol [ping|tcp-echo|...]
              set port {integer}
              set security-mode [none|authentication]
              set password {password}
              set packet-size {integer}
              set ha-priority {integer}
              set http-get {string}
              set http-agent {string}
              set http-match {string}
              set interval {integer}
              set probe-timeout {integer}
              set failtime {integer}
              set recoverytime {integer}
              set diffservcode {user}
              set update-cascade-interface [enable|disable]
              set update-static-route [enable|disable]
              set sla-fail-log-period {integer}
              set sla-pass-log-period {integer}
              set threshold-warning-packetloss {integer}
              set threshold-alert-packetloss {integer}
              set threshold-warning-latency {integer}
              set threshold-alert-latency {integer}
              set threshold-warning-jitter {integer}
              set threshold-alert-jitter {integer}
              set members <seq-num1>, <seq-num2>, ...
              config sla
                  Description: Service level agreement (SLA).
                  edit <id>
                      set link-cost-factor {option1}, {option2}, ...
                      set latency-threshold {integer}
                      set jitter-threshold {integer}
                      set packetloss-threshold {integer}
                  next
              end
          next
      end
      config neighbor
          Description: Create SD-WAN neighbor from BGP neighbor table to control route advertisements according to SLA status.
          edit <ip>
              set member {integer}
              set role [standalone|primary|...]
              set health-check {string}
              set sla-id {integer}
          next
      end
      config service
          Description: Create SD-WAN rules (also called services) to control how sessions are distributed to interfaces in the SD-WAN.
          edit <id>
              set name {string}
              set addr-mode [ipv4|ipv6]
              set input-device <name1>, <name2>, ...
              set input-device-negate [enable|disable]
              set mode [auto|manual|...]
              set role [standalone|primary|...]
              set standalone-action [enable|disable]
              set quality-link {integer}
              set tos {user}
              set tos-mask {user}
              set protocol {integer}
              set start-port {integer}
              set end-port {integer}
              set route-tag {integer}
              set dst <name1>, <name2>, ...
              set dst-negate [enable|disable]
              set src <name1>, <name2>, ...
              set dst6 <name1>, <name2>, ...
              set src6 <name1>, <name2>, ...
              set src-negate [enable|disable]
              set users <name1>, <name2>, ...
              set groups <name1>, <name2>, ...
              set internet-service [enable|disable]
              set internet-service-custom <name1>, <name2>, ...
              set internet-service-custom-group <name1>, <name2>, ...
              set internet-service-id <id1>, <id2>, ...
              set internet-service-group <name1>, <name2>, ...
              set internet-service-app-ctrl <id1>, <id2>, ...
              set internet-service-app-ctrl-group <name1>, <name2>, ...
              set health-check {string}
              set link-cost-factor [latency|jitter|...]
              set packet-loss-weight {integer}
              set latency-weight {integer}
              set jitter-weight {integer}
              set bandwidth-weight {integer}
              set link-cost-threshold {integer}
              set hold-down-time {integer}
              set dscp-forward [enable|disable]
              set dscp-reverse [enable|disable]
              set dscp-forward-tag {user}
              set dscp-reverse-tag {user}
              config sla
                  Description: Service level agreement (SLA).
                  edit <health-check>
                      set id {integer}
                  next
              end
              set priority-members <seq-num1>, <seq-num2>, ...
              set status [enable|disable]
              set gateway [enable|disable]
              set default [enable|disable]
              set sla-compare-method [order|number]
          next
      end
  end

config system virtual-wan-link

Parameter Name Description Type Size
status Enable/disable SD-WAN.
disable: Disable SD-WAN.
enable: Enable SD-WAN.
option -
load-balance-mode Algorithm or mode to use for load balancing Internet traffic to SD-WAN members.
source-ip-based: Source IP load balancing. All traffic from a source IP is sent to the same interface.
weight-based: Weight-based load balancing. Interfaces with higher weights have higher priority and get more traffic.
usage-based: Usage-based load balancing. All traffic is sent to the first interface on the list. When the bandwidth on that interface exceeds the spill-over limit, new traffic is sent to the next interface.
source-dest-ip-based: Source and destination IP load balancing. All traffic from a source IP to a destination IP is sent to the same interface.
measured-volume-based: Volume-based load balancing. Traffic is load balanced based on traffic volume (in bytes). More traffic is sent to interfaces with higher volume ratios.
option -
neighbor-hold-down Enable/disable hold switching from the secondary neighbor to the primary neighbor.
enable: Enable hold switching from the secondary neighbor to the primary neighbor.
disable: Disable hold switching from the secondary neighbor to the primary neighbor.
option -
neighbor-hold-down-time Waiting period in seconds when switching from the secondary neighbor to the primary neighbor when hold-down is disabled. (0 - 10000000, default = 0). integer Minimum value: 0 Maximum value: 10000000
neighbor-hold-boot-time Waiting period in seconds when switching from the primary neighbor to the secondary neighbor from the neighbor start. (0 - 10000000, default = 0). integer Minimum value: 0 Maximum value: 10000000
fail-detect Enable/disable SD-WAN Internet connection status checking (failure detection).
enable: Enable status checking.
disable: Disable status checking.
option -
fail-alert-interfaces <name> Physical interfaces that will be alerted.
Physical interface name.
string Maximum length: 79

config members

Parameter Name Description Type Size
interface Interface name. string Maximum length: 15
gateway The default gateway for this interface. Usually the default gateway of the Internet service provider that this interface is connected to. ipv4-address Not Specified
source Source IP address used in the health-check packet to the server. ipv4-address Not Specified
gateway6 IPv6 gateway. ipv6-address Not Specified
source6 Source IPv6 address used in the health-check packet to the server. ipv6-address Not Specified
cost Cost of this interface for services in SLA mode (0 - 4294967295, default = 0). integer Minimum value: 0 Maximum value: 4294967295
weight Weight of this interface for weighted load balancing. (1 - 255) More traffic is directed to interfaces with higher weights. integer Minimum value: 1 Maximum value: 255
priority Priority of the interface (0 - 4294967295). Used for SD-WAN rules or priority rules. integer Minimum value: 0 Maximum value: 4294967295
spillover-threshold Egress spillover threshold for this interface (0 - 16776000 kbit/s). When this traffic volume threshold is reached, new sessions spill over to other interfaces in the SD-WAN. integer Minimum value: 0 Maximum value: 16776000
ingress-spillover-threshold Ingress spillover threshold for this interface (0 - 16776000 kbit/s). When this traffic volume threshold is reached, new sessions spill over to other interfaces in the SD-WAN. integer Minimum value: 0 Maximum value: 16776000
volume-ratio Measured volume ratio (this value / sum of all values = percentage of link volume, 1 - 255). integer Minimum value: 1 Maximum value: 255
status Enable/disable this interface in the SD-WAN.
disable: Disable this interface in the SD-WAN.
enable: Enable this interface in the SD-WAN.
option -
comment Comments. var-string Maximum length: 255

config health-check

Parameter Name Description Type Size
probe-packets Enable/disable transmission of probe packets.
disable: Disable transmission of probe packets.
enable: Enable transmission of probe packets.
option -
addr-mode Address mode (IPv4 or IPv6).
ipv4: IPv4 mode.
ipv6: IPv6 mode.
option -
server IP address or FQDN name of the server. string Maximum length: 79
protocol Protocol used to determine if the FortiGate can communicate with the server.
ping: Use PING to test the link with the server.
tcp-echo: Use TCP echo to test the link with the server.
udp-echo: Use UDP echo to test the link with the server.
http: Use HTTP-GET to test the link with the server.
twamp: Use TWAMP to test the link with the server.
ping6: PING6 link monitor.
option -
port Port number used to communicate with the server over the selected protocol. integer Minimum value: 1 Maximum value: 65535
security-mode TWAMP controller security mode.
none: Unauthenticated mode.
authentication: Authenticated mode.
option -
password TWAMP controller password in authentication mode. password Not Specified
packet-size Packet size of a TWAMP test session. integer Minimum value: 64 Maximum value: 1024
ha-priority HA election priority (1 - 50). integer Minimum value: 1 Maximum value: 50
http-get URL used to communicate with the server if the protocol is HTTP. string Maximum length: 1024
http-agent String in the http-agent field in the HTTP header. string Maximum length: 1024
http-match Response string expected from the server if the protocol is HTTP. string Maximum length: 1024
interval Status check interval in milliseconds, or the time between attempting to connect to the server (500 - 3600*1000 msec, default = 500). integer Minimum value: 500 Maximum value: 3600000
probe-timeout Time to wait before a probe packet is considered lost (500 - 5000 msec, default = 500). integer Minimum value: 500 Maximum value: 5000
failtime Number of failures before server is considered lost (1 - 3600, default = 5). integer Minimum value: 1 Maximum value: 3600
recoverytime Number of successful responses received before server is considered recovered (1 - 3600, default = 5). integer Minimum value: 1 Maximum value: 3600
diffservcode Differentiated services code point (DSCP) in the IP header of the probe packet. user Not Specified
update-cascade-interface Enable/disable update cascade interface.
enable: Enable update cascade interface.
disable: Disable update cascade interface.
option -
update-static-route Enable/disable updating the static route.
enable: Enable updating the static route.
disable: Disable updating the static route.
option -
sla-fail-log-period Time interval in seconds that SLA fail log messages will be generated (0 - 3600, default = 0). integer Minimum value: 0 Maximum value: 3600
sla-pass-log-period Time interval in seconds that SLA pass log messages will be generated (0 - 3600, default = 0). integer Minimum value: 0 Maximum value: 3600
threshold-warning-packetloss Warning threshold for packet loss (percentage, default = 0). integer Minimum value: 0 Maximum value: 100
threshold-alert-packetloss Alert threshold for packet loss (percentage, default = 0). integer Minimum value: 0 Maximum value: 100
threshold-warning-latency Warning threshold for latency (ms, default = 0). integer Minimum value: 0 Maximum value: 4294967295
threshold-alert-latency Alert threshold for latency (ms, default = 0). integer Minimum value: 0 Maximum value: 4294967295
threshold-warning-jitter Warning threshold for jitter (ms, default = 0). integer Minimum value: 0 Maximum value: 4294967295
threshold-alert-jitter Alert threshold for jitter (ms, default = 0). integer Minimum value: 0 Maximum value: 4294967295
members <seq-num> Member sequence number list.
Member sequence number.
integer Minimum value: 0 Maximum value: 4294967295

config sla

Parameter Name Description Type Size
link-cost-factor Criteria on which to base link selection.
latency: Select link based on latency.
jitter: Select link based on jitter.
packet-loss: Select link based on packet loss.
option -
latency-threshold Latency for SLA to make decision in milliseconds. (0 - 10000000, default = 5). integer Minimum value: 0 Maximum value: 10000000
jitter-threshold Jitter for SLA to make decision in milliseconds. (0 - 10000000, default = 5). integer Minimum value: 0 Maximum value: 10000000
packetloss-threshold Packet loss for SLA to make decision in percentage. (0 - 100, default = 0). integer Minimum value: 0 Maximum value: 100
id SLA ID. integer Minimum value: 0 Maximum value: 4294967295
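
An added example (not part of Fortinet's documentation): a Python check that reads a FortiOS-style `config system virtual-wan-link` block and flags health-check values outside the ranges listed above, TWAMP probes without `security-mode authentication`, HTTP probes, and `members` entries with no matching `config members` sequence number. The sample configuration, its names and addresses are constructed, and the finding codes are this example's own labels.

```python
import shlex

# Ranges copied from the health-check and sla parameter tables on this page.
HC_RANGES = {"port": (1, 65535), "packet-size": (64, 1024),
             "interval": (500, 3600000), "probe-timeout": (500, 5000),
             "failtime": (1, 3600), "recoverytime": (1, 3600)}
SLA_RANGES = {"latency-threshold": (0, 10000000),
              "jitter-threshold": (0, 10000000),
              "packetloss-threshold": (0, 100)}

# Constructed sample configuration (documentation addresses, not a real device).
SAMPLE = """\
config system virtual-wan-link
    set status enable
    config members
        edit 1
            set interface "wan1"
            set gateway 192.0.2.1
        next
        edit 2
            set interface "wan2"
            set gateway 198.51.100.1
        next
    end
    config health-check
        edit "hc-twamp"
            set server "203.0.113.10"
            set protocol twamp
            set security-mode none
            set packet-size 2048
            set members 1 2
        next
        edit "hc-http"
            set server "probe.example.net"
            set protocol http
            set http-get "/status"
            set interval 100
            set members 1 3
        next
        edit "hc-ping"
            set server "203.0.113.20"
            set protocol ping
            set members 2
            config sla
                edit 1
                    set packetloss-threshold 150
                next
            end
        next
    end
end
"""

def _node():
    return {"set": {}, "config": {}, "edit": {}}

def parse_fortios(text):
    """Turn config/edit/set/next/end lines into nested dictionaries."""
    root = _node()
    stack = [root]
    for raw in text.splitlines():
        tokens = shlex.split(raw)          # handles quoted names and values
        if not tokens:
            continue
        keyword, args = tokens[0], tokens[1:]
        if keyword in ("config", "edit"):
            child = _node()
            key = " ".join(args) if keyword == "config" else args[0]
            stack[-1][keyword][key] = child
            stack.append(child)
        elif keyword == "set" and args:
            # List values may be written with or without commas.
            stack[-1]["set"][args[0]] = [a.rstrip(",") for a in args[1:]]
        elif keyword in ("next", "end"):
            stack.pop()
    return root

def _out_of_range(owner, settings, ranges):
    found = []
    for key, (low, high) in ranges.items():
        if settings.get(key):
            value = int(settings[key][0])
            if not low <= value <= high:
                found.append((owner, "range", f"{key}={value} outside {low}-{high}"))
    return found

def audit_health_checks(text):
    """Return (owner, code, detail) findings for every health-check entry."""
    vwl = parse_fortios(text)["config"].get("system virtual-wan-link", _node())
    member_ids = set(vwl["config"].get("members", _node())["edit"])
    findings = []
    for name, hc in vwl["config"].get("health-check", _node())["edit"].items():
        s = hc["set"]
        findings += _out_of_range(name, s, HC_RANGES)
        protocol = (s.get("protocol") or [""])[0]
        if protocol == "twamp":
            if (s.get("security-mode") or [""])[0] != "authentication":
                findings.append((name, "twamp-unauthenticated",
                                 "security-mode is not authentication"))
            elif "password" not in s:
                findings.append((name, "twamp-no-password",
                                 "authentication mode without a password"))
        elif protocol == "http":
            findings.append((name, "http-cleartext",
                             "probe request and response use plain HTTP"))
        for seq in s.get("members", []):
            if seq not in member_ids:
                findings.append((name, "unknown-member",
                                 f"member {seq} is not defined under config members"))
        for sla_id, sla in hc["config"].get("sla", _node())["edit"].items():
            findings += _out_of_range(f"{name}/sla {sla_id}", sla["set"], SLA_RANGES)
    return findings

if __name__ == "__main__":
    for owner, code, detail in audit_health_checks(SAMPLE):
        print(f"{owner}: {code}: {detail}")
```
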

config neighbor

Parameter Name Description Type Size
member Member sequence number. integer Minimum value: 0 Maximum value: 4294967295
role Role of neighbor.
standalone: Standalone neighbor.
primary: Primary neighbor.
secondary: Secondary neighbor.
option -
health-check SD-WAN health-check name. string Maximum length: 35
sla-id SLA ID. integer Minimum value: 0 Maximum value: 4294967295

config service

Parameter Name Description Type Size
name Priority rule name. string Maximum length: 35
addr-mode Address mode (IPv4 or IPv6).
ipv4: IPv4 mode.
ipv6: IPv6 mode.
option -
input-device <name> Source interface name.
Interface name.
string Maximum length: 79
input-device-negate Enable/disable negation of input device match.
enable: Enable negation of input device match.
disable: Disable negation of input device match.
option -
mode Control how the priority rule sets the priority of interfaces in the SD-WAN.
auto: Assign interfaces a priority based on quality.
manual: Assign interfaces a priority manually.
priority: Assign interfaces a priority based on the link-cost-factor quality of the interface.
sla: Assign interfaces a priority based on selected SLA settings.
load-balance: Distribute traffic among all available links based on round robin. The ADVPN feature is not supported in this mode.
option -
role Service role to work with neighbor.
standalone: Standalone service.
primary: Primary service for primary neighbor.
secondary: Secondary service for secondary neighbor.
option -
standalone-action Enable/disable service when selected neighbor role is standalone while service role is not standalone.
enable: Enable service when selected neighbor role is standalone.
disable: Disable service when selected neighbor role is standalone.
option -
quality-link Quality grade. integer Minimum value: 0 Maximum value: 255
tos Type of service bit pattern. user Not Specified
tos-mask Type of service evaluated bits. user Not Specified
protocol Protocol number. integer Minimum value: 0 Maximum value: 255
start-port Start destination port number. integer Minimum value: 0 Maximum value: 65535
end-port End destination port number. integer Minimum value: 0 Maximum value: 65535
route-tag IPv4 route map route-tag. integer Minimum value: 0 Maximum value: 4294967295
dst <name> Destination address name.
Address or address group name.
string Maximum length: 79
dst-negate Enable/disable negation of destination address match.
enable: Enable destination address negation.
disable: Disable destination address negation.
option -
src <name> Source address name.
Address or address group name.
string Maximum length: 79
dst6 <name> Destination address6 name.
Address6 or address6 group name.
string Maximum length: 79
src6 <name> Source address6 name.
Address6 or address6 group name.
string Maximum length: 79
src-negate Enable/disable negation of source address match.
enable: Enable source address negation.
disable: Disable source address negation.
option -
users <name> User name.
User name.
string Maximum length: 79
groups <name> User groups.
Group name.
string Maximum length: 79
internet-service Enable/disable use of Internet service for application-based load balancing.
enable: Enable cloud service to support application-based load balancing.
disable: Disable cloud service to support application-based load balancing.
option -
internet-service-custom <name> Custom Internet service name list.
Custom Internet service name.
string Maximum length: 79
internet-service-custom-group <name> Custom Internet Service group list.
Custom Internet Service group name.
string Maximum length: 79
internet-service-id <id> Internet service ID list.
Internet service ID.
integer Minimum value: 0 Maximum value: 4294967295
internet-service-group <name> Internet Service group list.
Internet Service group name.
string Maximum length: 79
internet-service-app-ctrl <id> Application control based Internet Service ID list.
Application control based Internet Service ID.
integer Minimum value: 0 Maximum value: 4294967295
internet-service-app-ctrl-group <name> Application control based Internet Service group list.
Application control based Internet Service group name.
string Maximum length: 79
health-check Health check. string Maximum length: 35
link-cost-factor Link cost factor.
latency: Select link based on latency.
jitter: Select link based on jitter.
packet-loss: Select link based on packet loss.
inbandwidth: Select link based on available bandwidth of incoming traffic.
outbandwidth: Select link based on available bandwidth of outgoing traffic.
bibandwidth: Select link based on available bandwidth of bidirectional traffic.
custom-profile-1: Select link based on customized profile.
option -
packet-loss-weight Coefficient of packet-loss in the formula of custom-profile-1. integer Minimum value: 0 Maximum value: 10000000
latency-weight Coefficient of latency in the formula of custom-profile-1. integer Minimum value: 0 Maximum value: 10000000
jitter-weight Coefficient of jitter in the formula of custom-profile-1. integer Minimum value: 0 Maximum value: 10000000
bandwidth-weight Coefficient of reciprocal of available bidirectional bandwidth in the formula of custom-profile-1. integer Minimum value: 0 Maximum value: 10000000
link-cost-threshold Percentage threshold change of link cost values that will result in policy route regeneration (0 - 10000000, default = 10). integer Minimum value: 0 Maximum value: 10000000
hold-down-time Waiting period in seconds when switching from the back-up member to the primary member (0 - 10000000, default = 0). integer Minimum value: 0 Maximum value: 10000000
dscp-forward Enable/disable forward traffic DSCP tag.
enable: Enable use of forward DSCP tag.
disable: Disable use of forward DSCP tag.
option -
dscp-reverse Enable/disable reverse traffic DSCP tag.
enable: Enable use of reverse DSCP tag.
disable: Disable use of reverse DSCP tag.
option -
dscp-forward-tag Forward traffic DSCP tag. user Not Specified
dscp-reverse-tag Reverse traffic DSCP tag. user Not Specified
priority-members <seq-num> Member sequence number list.
Member sequence number.
integer Minimum value: 0 Maximum value: 4294967295
status Enable/disable SD-WAN service.
enable: Enable virtual WAN link service.
disable: Disable virtual WAN link service.
option -
gateway Enable/disable SD-WAN service gateway.
enable: Enable SD-WAN service gateway.
disable: Disable SD-WAN service gateway.
option -
default Enable/disable use of SD-WAN as default service.
enable: Enable use of SD-WAN as default service.
disable: Disable use of SD-WAN as default service.
option -
sla-compare-method Method to compare SLA value for sla and load balance mode.
order: Compare SLA value based on the order of health-check.
number: Compare SLA value based on the number of satisfied health-check. Limits health-checks to only configured member interfaces.
option -

system virtual-wan-link

Configure redundant internet connections using SD-WAN (formerly virtual WAN link).

  config system virtual-wan-link
      Description: Configure redundant internet connections using SD-WAN (formerly virtual WAN link).
      set status [disable|enable]
      set load-balance-mode [source-ip-based|weight-based|...]
      set neighbor-hold-down [enable|disable]
      set neighbor-hold-down-time {integer}
      set neighbor-hold-boot-time {integer}
      set fail-detect [enable|disable]
      set fail-alert-interfaces <name1>, <name2>, ...
      config zone
          Description: Configure SD-WAN zones.
          edit <name>

          next
      end
      config members
          Description: FortiGate interfaces added to the virtual-wan-link.
          edit <seq-num>
              set interface {string}
              set gateway {ipv4-address}
              set source {ipv4-address}
              set gateway6 {ipv6-address}
              set source6 {ipv6-address}
              set cost {integer}
              set weight {integer}
              set priority {integer}
              set spillover-threshold {integer}
              set ingress-spillover-threshold {integer}
              set volume-ratio {integer}
              set status [disable|enable]
              set comment {var-string}
          next
      end
      config health-check
          Description: SD-WAN status checking or health checking. Identify a server on the Internet and determine how SD-WAN verifies that the FortiGate can communicate with it.
          edit <name>
              set probe-packets [disable|enable]
              set addr-mode [ipv4|ipv6]
              set server {string}
              set protocol [ping|tcp-echo|...]
              set port {integer}
              set security-mode [none|authentication]
              set password {password}
              set packet-size {integer}
              set ha-priority {integer}
              set http-get {string}
              set http-agent {string}
              set http-match {string}
              set interval {integer}
              set probe-timeout {integer}
              set failtime {integer}
              set recoverytime {integer}
              set diffservcode {user}
              set update-cascade-interface [enable|disable]
              set update-static-route [enable|disable]
              set sla-fail-log-period {integer}
              set sla-pass-log-period {integer}
              set threshold-warning-packetloss {integer}
              set threshold-alert-packetloss {integer}
              set threshold-warning-latency {integer}
              set threshold-alert-latency {integer}
              set threshold-warning-jitter {integer}
              set threshold-alert-jitter {integer}
              set members <seq-num1>, <seq-num2>, ...
              config sla
                  Description: Service level agreement (SLA).
                  edit <id>
                      set link-cost-factor {option1}, {option2}, ...
                      set latency-threshold {integer}
                      set jitter-threshold {integer}
                      set packetloss-threshold {integer}
                  next
              end
          next
      end
      config neighbor
          Description: Create SD-WAN neighbor from BGP neighbor table to control route advertisements according to SLA status.
          edit <ip>
              set member {integer}
              set role [standalone|primary|...]
              set health-check {string}
              set sla-id {integer}
          next
      end
      config service
          Description: Create SD-WAN rules (also called services) to control how sessions are distributed to interfaces in the SD-WAN.
          edit <id>
              set name {string}
              set addr-mode [ipv4|ipv6]
              set input-device <name1>, <name2>, ...
              set input-device-negate [enable|disable]
              set mode [auto|manual|...]
              set role [standalone|primary|...]
              set standalone-action [enable|disable]
              set quality-link {integer}
              set tos {user}
              set tos-mask {user}
              set protocol {integer}
              set start-port {integer}
              set end-port {integer}
              set route-tag {integer}
              set dst <name1>, <name2>, ...
              set dst-negate [enable|disable]
              set src <name1>, <name2>, ...
              set dst6 <name1>, <name2>, ...
              set src6 <name1>, <name2>, ...
              set src-negate [enable|disable]
              set users <name1>, <name2>, ...
              set groups <name1>, <name2>, ...
              set internet-service [enable|disable]
              set internet-service-custom <name1>, <name2>, ...
              set internet-service-custom-group <name1>, <name2>, ...
              set internet-service-id <id1>, <id2>, ...
              set internet-service-group <name1>, <name2>, ...
              set internet-service-app-ctrl <id1>, <id2>, ...
              set internet-service-app-ctrl-group <name1>, <name2>, ...
              set health-check {string}
              set link-cost-factor [latency|jitter|...]
              set packet-loss-weight {integer}
              set latency-weight {integer}
              set jitter-weight {integer}
              set bandwidth-weight {integer}
              set link-cost-threshold {integer}
              set hold-down-time {integer}
              set dscp-forward [enable|disable]
              set dscp-reverse [enable|disable]
              set dscp-forward-tag {user}
              set dscp-reverse-tag {user}
              config sla
                  Description: Service level agreement (SLA).
                  edit <health-check>
                      set id {integer}
                  next
              end
              set priority-members <seq-num1>, <seq-num2>, ...
              set status [enable|disable]
              set gateway [enable|disable]
              set default [enable|disable]
              set sla-compare-method [order|number]
          next
      end
  end

config system virtual-wan-link

Parameter Name Description Type Size
status Enable/disable SD-WAN.
disable: Disable SD-WAN.
enable: Enable SD-WAN.
option -
load-balance-mode Algorithm or mode to use for load balancing Internet traffic to SD-WAN members.
source-ip-based: Source IP load balancing. All traffic from a source IP is sent to the same interface.
weight-based: Weight-based load balancing. Interfaces with higher weights have higher priority and get more traffic.
usage-based: Usage-based load balancing. All traffic is sent to the first interface on the list. When the bandwidth on that interface exceeds the spill-over limit new traffic is sent to the next interface.
source-dest-ip-based: Source and destination IP load balancing. All traffic from a source IP to a destination IP is sent to the same interface.
measured-volume-based: Volume-based load balancing. Traffic is load balanced based on traffic volume (in bytes). More traffic is sent to interfaces with higher volume ratios.
option -
neighbor-hold-down Enable/disable hold switching from the secondary neighbor to the primary neighbor.
enable: Enable hold switching from the secondary neighbor to the primary neighbor.
disable: Disable hold switching from the secondary neighbor to the primary neighbor.
option -
neighbor-hold-down-time Waiting period in seconds when switching from the secondary neighbor to the primary neighbor when hold-down is disabled. (0 - 10000000, default = 0). integer Minimum value: 0 Maximum value: 10000000
neighbor-hold-boot-time Waiting period in seconds when switching from the primary neighbor to the secondary neighbor from the neighbor start. (0 - 10000000, default = 0). integer Minimum value: 0 Maximum value: 10000000
fail-detect Enable/disable SD-WAN Internet connection status checking (failure detection).
enable: Enable status checking.
disable: Disable status checking.
option -
fail-alert-interfaces <name> Physical interfaces that will be alerted.
Physical interface name.
string Maximum length: 79

config members

Parameter Name Description Type Size
interface Interface name. string Maximum length: 15
gateway The default gateway for this interface. Usually the default gateway of the Internet service provider that this interface is connected to. ipv4-address Not Specified
source Source IP address used in the health-check packet to the server. ipv4-address Not Specified
gateway6 IPv6 gateway. ipv6-address Not Specified
source6 Source IPv6 address used in the health-check packet to the server. ipv6-address Not Specified
cost Cost of this interface for services in SLA mode (0 - 4294967295, default = 0). integer Minimum value: 0 Maximum value: 4294967295
weight Weight of this interface for weighted load balancing. (1 - 255) More traffic is directed to interfaces with higher weights. integer Minimum value: 1 Maximum value: 255
priority Priority of the interface (0 - 4294967295). Used for SD-WAN rules or priority rules. integer Minimum value: 0 Maximum value: 4294967295
spillover-threshold Egress spillover threshold for this interface (0 - 16776000 kbit/s). When this traffic volume threshold is reached, new sessions spill over to other interfaces in the SD-WAN. integer Minimum value: 0 Maximum value: 16776000
ingress-spillover-threshold Ingress spillover threshold for this interface (0 - 16776000 kbit/s). When this traffic volume threshold is reached, new sessions spill over to other interfaces in the SD-WAN. integer Minimum value: 0 Maximum value: 16776000
volume-ratio Measured volume ratio (this value / sum of all values = percentage of link volume, 1 - 255). integer Minimum value: 1 Maximum value: 255
status Enable/disable this interface in the SD-WAN.
disable: Disable this interface in the SD-WAN.
enable: Enable this interface in the SD-WAN.
option -
comment Comments. var-string Maximum length: 255

config health-check

Parameter Name Description Type Size
probe-packets Enable/disable transmission of probe packets.
disable: Disable transmission of probe packets.
enable: Enable transmission of probe packets.
option -
addr-mode Address mode (IPv4 or IPv6).
ipv4: IPv4 mode.
ipv6: IPv6 mode.
option -
server IP address or FQDN name of the server. string Maximum length: 79
protocol Protocol used to determine if the FortiGate can communicate with the server.
ping: Use PING to test the link with the server.
tcp-echo: Use TCP echo to test the link with the server.
udp-echo: Use UDP echo to test the link with the server.
http: Use HTTP-GET to test the link with the server.
twamp: Use TWAMP to test the link with the server.
ping6: PING6 link monitor.
option -
port Port number used to communicate with the server over the selected protocol. integer Minimum value: 1 Maximum value: 65535
security-mode TWAMP controller security mode.
none: Unauthenticated mode.
authentication: Authenticated mode.
option -
password TWAMP controller password in authentication mode. password Not Specified
packet-size Packet size of a TWAMP test session. integer Minimum value: 64 Maximum value: 1024
ha-priority HA election priority (1 - 50). integer Minimum value: 1 Maximum value: 50
http-get URL used to communicate with the server if the protocol is HTTP. string Maximum length: 1024
http-agent String in the http-agent field in the HTTP header. string Maximum length: 1024
http-match Response string expected from the server if the protocol is HTTP. string Maximum length: 1024
interval Status check interval in milliseconds, or the time between attempting to connect to the server (500 - 3600*1000 msec, default = 500). integer Minimum value: 500 Maximum value: 3600000
probe-timeout Time to wait before a probe packet is considered lost (500 - 5000 msec, default = 500). integer Minimum value: 500 Maximum value: 5000
failtime Number of failures before server is considered lost (1 - 3600, default = 5). integer Minimum value: 1 Maximum value: 3600
recoverytime Number of successful responses received before server is considered recovered (1 - 3600, default = 5). integer Minimum value: 1 Maximum value: 3600
diffservcode Differentiated services code point (DSCP) in the IP header of the probe packet. user Not Specified
update-cascade-interface Enable/disable update cascade interface.
enable: Enable update cascade interface.
disable: Disable update cascade interface.
option -
update-static-route Enable/disable updating the static route.
enable: Enable updating the static route.
disable: Disable updating the static route.
option -
sla-fail-log-period Time interval in seconds that SLA fail log messages will be generated (0 - 3600, default = 0). integer Minimum value: 0 Maximum value: 3600
sla-pass-log-period Time interval in seconds that SLA pass log messages will be generated (0 - 3600, default = 0). integer Minimum value: 0 Maximum value: 3600
threshold-warning-packetloss Warning threshold for packet loss (percentage, default = 0). integer Minimum value: 0 Maximum value: 100
threshold-alert-packetloss Alert threshold for packet loss (percentage, default = 0). integer Minimum value: 0 Maximum value: 100
threshold-warning-latency Warning threshold for latency (ms, default = 0). integer Minimum value: 0 Maximum value: 4294967295
threshold-alert-latency Alert threshold for latency (ms, default = 0). integer Minimum value: 0 Maximum value: 4294967295
threshold-warning-jitter Warning threshold for jitter (ms, default = 0). integer Minimum value: 0 Maximum value: 4294967295
threshold-alert-jitter Alert threshold for jitter (ms, default = 0). integer Minimum value: 0 Maximum value: 4294967295
members <seq-num> Member sequence number list.
Member sequence number.
integer Minimum value: 0 Maximum value: 4294967295

config sla

Parameter Name Description Type Size
link-cost-factor Criteria on which to base link selection.
latency: Select link based on latency.
jitter: Select link based on jitter.
packet-loss: Select link based on packet loss.
option -
latency-threshold Latency for SLA to make decision in milliseconds (0 - 10000000, default = 5). integer Minimum value: 0 Maximum value: 10000000
jitter-threshold Jitter for SLA to make decision in milliseconds (0 - 10000000, default = 5). integer Minimum value: 0 Maximum value: 10000000
packetloss-threshold Packet loss for SLA to make decision in percentage (0 - 100, default = 0). integer Minimum value: 0 Maximum value: 100
id SLA ID. integer Minimum value: 0 Maximum value: 4294967295

config neighbor

Parameter Name Description Type Size
member Member sequence number. integer Minimum value: 0 Maximum value: 4294967295
role Role of neighbor.
standalone: Standalone neighbor.
primary: Primary neighbor.
secondary: Secondary neighbor.
option -
health-check SD-WAN health-check name. string Maximum length: 35
sla-id SLA ID. integer Minimum value: 0 Maximum value: 4294967295

config service

Parameter Name Description Type Size
name Priority rule name. string Maximum length: 35
addr-mode Address mode (IPv4 or IPv6).
ipv4: IPv4 mode.
ipv6: IPv6 mode.
option -
input-device <name> Source interface name.
Interface name.
string Maximum length: 79
input-device-negate Enable/disable negation of input device match.
enable: Enable negation of input device match.
disable: Disable negation of input device match.
option -
mode Control how the priority rule sets the priority of interfaces in the SD-WAN.
auto: Assign interfaces a priority based on quality.
manual: Assign interfaces a priority manually.
priority: Assign interfaces a priority based on the link-cost-factor quality of the interface.
sla: Assign interfaces a priority based on selected SLA settings.
load-balance: Distribute traffic among all available links based on round robin. The ADVPN feature is not supported in this mode.
option -
role Service role to work with neighbor.
standalone: Standalone service.
primary: Primary service for primary neighbor.
secondary: Secondary service for secondary neighbor.
option -
standalone-action Enable/disable service when selected neighbor role is standalone while service role is not standalone.
enable: Enable service when selected neighbor role is standalone.
disable: Disable service when selected neighbor role is standalone.
option -
quality-link Quality grade. integer Minimum value: 0 Maximum value: 255
tos Type of service bit pattern. user Not Specified
tos-mask Type of service evaluated bits. user Not Specified
protocol Protocol number. integer Minimum value: 0 Maximum value: 255
start-port Start destination port number. integer Minimum value: 0 Maximum value: 65535
end-port End destination port number. integer Minimum value: 0 Maximum value: 65535
route-tag IPv4 route map route-tag. integer Minimum value: 0 Maximum value: 4294967295
dst <name> Destination address name.
Address or address group name.
string Maximum length: 79
dst-negate Enable/disable negation of destination address match.
enable: Enable destination address negation.
disable: Disable destination address negation.
option -
src <name> Source address name.
Address or address group name.
string Maximum length: 79
dst6 <name> Destination address6 name.
Address6 or address6 group name.
string Maximum length: 79
src6 <name> Source address6 name.
Address6 or address6 group name.
string Maximum length: 79
src-negate Enable/disable negation of source address match.
enable: Enable source address negation.
disable: Disable source address negation.
option -
users <name> User name.
User name.
string Maximum length: 79
groups <name> User groups.
Group name.
string Maximum length: 79
internet-service Enable/disable use of Internet service for application-based load balancing.
enable: Enable cloud service to support application-based load balancing.
disable: Disable cloud service to support application-based load balancing.
option -
internet-service-custom <name> Custom Internet service name list.
Custom Internet service name.
string Maximum length: 79
internet-service-custom-group <name> Custom Internet Service group list.
Custom Internet Service group name.
string Maximum length: 79
internet-service-id <id> Internet service ID list.
Internet service ID.
integer Minimum value: 0 Maximum value: 4294967295
internet-service-group <name> Internet Service group list.
Internet Service group name.
string Maximum length: 79
internet-service-app-ctrl <id> Application control based Internet Service ID list.
Application control based Internet Service ID.
integer Minimum value: 0 Maximum value: 4294967295
internet-service-app-ctrl-group <name> Application control based Internet Service group list.
Application control based Internet Service group name.
string Maximum length: 79
health-check Health check. string Maximum length: 35
link-cost-factor Link cost factor.
latency: Select link based on latency.
jitter: Select link based on jitter.
packet-loss: Select link based on packet loss.
inbandwidth: Select link based on available bandwidth of incoming traffic.
outbandwidth: Select link based on available bandwidth of outgoing traffic.
bibandwidth: Select link based on available bandwidth of bidirectional traffic.
custom-profile-1: Select link based on customized profile.
option -
packet-loss-weight Coefficient of packet-loss in the formula of custom-profile-1. integer Minimum value: 0 Maximum value: 10000000
latency-weight Coefficient of latency in the formula of custom-profile-1. integer Minimum value: 0 Maximum value: 10000000
jitter-weight Coefficient of jitter in the formula of custom-profile-1. integer Minimum value: 0 Maximum value: 10000000
bandwidth-weight Coefficient of reciprocal of available bidirectional bandwidth in the formula of custom-profile-1. integer Minimum value: 0 Maximum value: 10000000
link-cost-threshold Percentage threshold change of link cost values that will result in policy route regeneration (0 - 10000000, default = 10). integer Minimum value: 0 Maximum value: 10000000
hold-down-time Waiting period in seconds when switching from the back-up member to the primary member (0 - 10000000, default = 0). integer Minimum value: 0 Maximum value: 10000000
dscp-forward Enable/disable forward traffic DSCP tag.
enable: Enable use of forward DSCP tag.
disable: Disable use of forward DSCP tag.
option -
dscp-reverse Enable/disable reverse traffic DSCP tag.
enable: Enable use of reverse DSCP tag.
disable: Disable use of reverse DSCP tag.
option -
dscp-forward-tag Forward traffic DSCP tag. user Not Specified
dscp-reverse-tag Reverse traffic DSCP tag. user Not Specified
priority-members <seq-num> Member sequence number list.
Member sequence number.
integer Minimum value: 0 Maximum value: 4294967295
status Enable/disable SD-WAN service.
enable: Enable virtual WAN link service.
disable: Disable virtual WAN link service.
option -
gateway Enable/disable SD-WAN service gateway.
enable: Enable SD-WAN service gateway.
disable: Disable SD-WAN service gateway.
option -
default Enable/disable use of SD-WAN as default service.
enable: Enable use of SD-WAN as default service.
disable: Disable use of SD-WAN as default service.
option -
sla-compare-method Method to compare SLA value for sla and load balance mode.
order: Compare SLA value based on the order of health-checks.
number: Compare SLA value based on the number of satisfied health-checks. Limits health-checks to only configured member interfaces.
option -