Description
This article describes advanced options for SD-WAN health checks, which include several protocols and protocol specific options.
Scope
Solution
The health check protocol may include the following options.
config system sdwan
set status enable
config health-check
edit "h4_udp1"
set protocol udp-echo
set port 7
set server <server>
next
edit "h4_tcp1"
set protocol tcp-echo
set port 7
set server <server>
next
edit "h6_udp1"
set addr-mode ipv6
set server "2032::12"
set protocol udp-echo
set port 7
next
end
end
config system sdwan
set status enable
config health-check
edit "h4_tcpconnect1"
set protocol tcp-connect
set port 443
set quality-measured-method {half-open | half-close}
set server <server>
next
edit "h6_tcpconnect1"
set addr-mode ipv6
set server "2032::13"
set protocol tcp-connect
set port 444
set quality-measured-method {half-open | half-close}
next
end
end
TCP connect works by starting TCP connections to the configured servers using a specific port that can be manually configured. TCP connect provides the ability to test connectivity to any internal TCP application running on the target servers by monitoring packets exchanged for TCP connection setup and tear-down. Choose the quality-measured-method to half-close or half-open based on environment needs.
config system sdwan
set status enable
config health-check
edit "h4_ftp1"
set protocol ftp
set port 21
set user "root"
set password ***********
set ftp-mode {passive | port}
set ftp-file "1.txt"
set server <server>
next
edit "h6_ftp1"
set addr-mode ipv6
set server "2032::11"
set protocol ftp
set port 21
set user "root"
set password ***********
set ftp-mode {passive | port}
set ftp-file "2.txt"
next
end
end
config system sdwan
set status enable
config health-check
edit "h4_dns1"
set protocol dns
set dns-request-domain "ip41.forti2.com"
set dns-match-ip 1.1.1.1
next
edit "h6_dns1"
set addr-mode ipv6
set server "2000::15.1.1.4"
set protocol dns
set port 53
set dns-request-domain "ip61.xxx.com"
next
end
end
For more info on CLI commands for SD-WAN, refer to the CLI reference.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.