Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 8.0.0
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiGate / FortiOS 8.0.0 Administration Guide
    8.0.0
    8.0.0
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.19
    7.0.18
    7.0.17
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.0

    Application performance monitoring analytics NEW

    Application performance monitoring analytics NEW

    The FortiView SD-WAN Application Performance widget leverages the passive WAN application performance monitoring of SD-WAN to log and monitor application performance metrics. See also Application performance monitoring . These metrics are aggregated into the following FortiView report types:

    • Application performance overview: Overview of different performance metrics of monitored applications.

    • Application response time: Shows response time of a given application.

    • Application connection stability: Shows application connection stability in terms of jitter.

    • Application retransmission: Shows application traffic packet retransmission.

    • Application reliability monitor: Shows packet loss and abrupt connection termination by TCP reset.

    A new GUI option, Log application health metrics, is added to the firewall policy logging options section to enable the required logging for this widget.

    Example

    To test the application performance monitoring analytics in the GUI:

    1. Create the SD-WAN zone and assign WAN ports.

    2. Create a policy with the following settings:

      • Set the SD-WAN zone as the destination interface.

      • Attach an Application Control profile to specify which applications are monitored.

      • Enable Log application health metrics under Logging Options.

        This replaces the Passive health check option under Firewall > Network Options. Enabling this toggle enables both passive-wan-health-measurement and app-monitor values in the policy. When it is disabled, both are turned off.

    3. From a client PC, generate traffic using various applications, such as YouTube or ChatGPT.

    4. Go to Dashboard > FortiView and add the FortiView SD-WAN Application Performance Monitor. See Editing dashboards of widgets and monitors.

      Verify that filtering by Applications works and check that sorting by Latency, Jitter, Packet Loss, TCP Retransmission, and SYN/ACK Retransmission is functional.

    5. Drill down into an entry and verify that the following four charts are available:

      • Response Time

      • Connection Stability

      • Retransmissions

      • Reliability Monitor

    6. Go to the Dashboard and confirm that the FortiView SD-WAN Application Performance widget can be added.

    To test the application performance monitoring analytics in the CLI:

    1. Create the SD-WAN zone and assign WAN ports:

      config system sdwan
    set status enable
    config zone
        edit "virtual-wan-link"
        next
    end
    config members
        edit 1
            set interface "port3"
            set gateway 172.16.200.254
        next
        edit 2
            set interface "port4"
            set gateway 172.16.222.2
        next
    end
end

    2. Create a policy:

      config firewall policy
    edit 1
        set name "sdwan-test"
        set srcintf "port2"
        set dstintf "virtual-wan-link"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set passive-wan-health-measurement enable
        set app-monitor enable
        set utm-status enable
        set application-list "g-default"
        set logtraffic all
        set auto-asic-offload disable
        set nat enable
    next
end

    3. Configure a health-check:

      config system sdwan
    config health-check
        edit "test_h"
            set detect-mode passive
            set recoverytime 10
            set embed-measured-health enable
            set members 1 2
            config sla
                edit 1
                    set link-cost-factor latency
                    set latency-threshold 50
                next
            end
        next
    end    
end

    4. Configure an SD-WAN service and rule:

      config system sdwan
    config service
        edit 1
            set name "sdwan_test"
            set mode sla
            set internet-service enable
            set internet-service-name "8X8-8X8.Cloud"
            set internet-service-app-ctrl 31077
            config sla
                edit "test_h"
                    set id 1
                next
            end
            set priority-zone "virtual-wan-link"
            set passive-measurement enable
        next
    end  
end

    5. From a client PC, generate traffic using YouTube.

    Previous
    Next

    Application performance monitoring analytics NEW

    Application performance monitoring analytics NEW

    The FortiView SD-WAN Application Performance widget leverages the passive WAN application performance monitoring of SD-WAN to log and monitor application performance metrics. See also Application performance monitoring . These metrics are aggregated into the following FortiView report types:

    • Application performance overview: Overview of different performance metrics of monitored applications.

    • Application response time: Shows response time of a given application.

    • Application connection stability: Shows application connection stability in terms of jitter.

    • Application retransmission: Shows application traffic packet retransmission.

    • Application reliability monitor: Shows packet loss and abrupt connection termination by TCP reset.

    A new GUI option, Log application health metrics, is added to the firewall policy logging options section to enable the required logging for this widget.

    Example

    To test the application performance monitoring analytics in the GUI:

    1. Create the SD-WAN zone and assign WAN ports.

    2. Create a policy with the following settings:

      • Set the SD-WAN zone as the destination interface.

      • Attach an Application Control profile to specify which applications are monitored.

      • Enable Log application health metrics under Logging Options.

        This replaces the Passive health check option under Firewall > Network Options. Enabling this toggle enables both passive-wan-health-measurement and app-monitor values in the policy. When it is disabled, both are turned off.

    3. From a client PC, generate traffic using various applications, such as YouTube or ChatGPT.

    4. Go to Dashboard > FortiView and add the FortiView SD-WAN Application Performance Monitor. See Editing dashboards of widgets and monitors.

      Verify that filtering by Applications works and check that sorting by Latency, Jitter, Packet Loss, TCP Retransmission, and SYN/ACK Retransmission is functional.

    5. Drill down into an entry and verify that the following four charts are available:

      • Response Time

      • Connection Stability

      • Retransmissions

      • Reliability Monitor

    6. Go to the Dashboard and confirm that the FortiView SD-WAN Application Performance widget can be added.

    To test the application performance monitoring analytics in the CLI:

    1. Create the SD-WAN zone and assign WAN ports:

      config system sdwan
    set status enable
    config zone
        edit "virtual-wan-link"
        next
    end
    config members
        edit 1
            set interface "port3"
            set gateway 172.16.200.254
        next
        edit 2
            set interface "port4"
            set gateway 172.16.222.2
        next
    end
end

    2. Create a policy:

      config firewall policy
    edit 1
        set name "sdwan-test"
        set srcintf "port2"
        set dstintf "virtual-wan-link"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set passive-wan-health-measurement enable
        set app-monitor enable
        set utm-status enable
        set application-list "g-default"
        set logtraffic all
        set auto-asic-offload disable
        set nat enable
    next
end

    3. Configure a health-check:

      config system sdwan
    config health-check
        edit "test_h"
            set detect-mode passive
            set recoverytime 10
            set embed-measured-health enable
            set members 1 2
            config sla
                edit 1
                    set link-cost-factor latency
                    set latency-threshold 50
                next
            end
        next
    end    
end

    4. Configure an SD-WAN service and rule:

      config system sdwan
    config service
        edit 1
            set name "sdwan_test"
            set mode sla
            set internet-service enable
            set internet-service-name "8X8-8X8.Cloud"
            set internet-service-app-ctrl 31077
            config sla
                edit "test_h"
                    set id 1
                next
            end
            set priority-zone "virtual-wan-link"
            set passive-measurement enable
        next
    end  
end

    5. From a client PC, generate traffic using YouTube.

    Previous
    Next