Fortinet black logo

SD-WAN Architecture for Enterprise

Home FortiGate / FortiOS 7.2.0 SD-WAN Architecture for Enterprise
7.2.0
7.2.0
7.0.0

Passive WAN health monitoring of performance SLAs

Passive WAN health monitoring of performance SLAs

The passive WAN health check available with SD-WAN determines the health of the link for a specific application or traffic by using session information that is captured on the firewall policies that have Passive Health Check (passive-wan-health-measurement) enabled. Passive measurements analyze session information that is gathered from various TCP sessions to determine the jitter, latency, and packet loss. Using passive WAN health measurement reduces the amount of configuration required and decreases the traffic that is produced by health check monitor probes doing active measurements. Passive WAN health check analyzes real-world traffic as an active WAN health measurement instead of using a configured server, which might not reflect the real-life traffic. By default, active WAN health measurement is enabled when a new health check is created. It can be changed to passive.

If internet services or applications are defined in an SD-WAN rule with passive health check enabled, then SLA information for each service or application is differentiated and collected. SLA metrics (latency, jitter, and packet loss) on each SD-WAN member in the rule are then calculated based on the relevant internet service's or application's SLA information, to provide optimal application steering using real world measurements. Even though SD-WAN traffic analysis is visible from FortiManager > Device Manager > Monitors > SD-WAN Monitor for a better user experience (single pane of glass), monitoring is truly a feature of FortiAnalyzer. Since FortiAnalyzer is a managed device (in most cases) in FortiManager, charts and widgets are displayed from FortiManager. Check out all secure SD-WAN Monitors offered in FortiAnalyzer. See an example below, a widget for Passive WAN Monitoring.

Previous
Next

Passive WAN health monitoring of performance SLAs

The passive WAN health check available with SD-WAN determines the health of the link for a specific application or traffic by using session information that is captured on the firewall policies that have Passive Health Check (passive-wan-health-measurement) enabled. Passive measurements analyze session information that is gathered from various TCP sessions to determine the jitter, latency, and packet loss. Using passive WAN health measurement reduces the amount of configuration required and decreases the traffic that is produced by health check monitor probes doing active measurements. Passive WAN health check analyzes real-world traffic as an active WAN health measurement instead of using a configured server, which might not reflect the real-life traffic. By default, active WAN health measurement is enabled when a new health check is created. It can be changed to passive.

If internet services or applications are defined in an SD-WAN rule with passive health check enabled, then SLA information for each service or application is differentiated and collected. SLA metrics (latency, jitter, and packet loss) on each SD-WAN member in the rule are then calculated based on the relevant internet service's or application's SLA information, to provide optimal application steering using real world measurements. Even though SD-WAN traffic analysis is visible from FortiManager > Device Manager > Monitors > SD-WAN Monitor for a better user experience (single pane of glass), monitoring is truly a feature of FortiAnalyzer. Since FortiAnalyzer is a managed device (in most cases) in FortiManager, charts and widgets are displayed from FortiManager. Check out all secure SD-WAN Monitors offered in FortiAnalyzer. See an example below, a widget for Passive WAN Monitoring.

Previous
Next