Monitor SD-WAN Performance¶

After SD-WAN is running, you want visibility: which link is being used, how each link is performing, and where traffic is going.

GUI Dashboard¶

Network → SD-WAN → SD-WAN main page shows:
- Members with status, current latency/jitter/loss.
- Performance SLAs with graphs.
- Bandwidth usage per member.
- Active sessions per member.
Drill in for historical trends (last hour / day / week).

📸 Screenshot needed

SD-WAN dashboard showing live latency graphs and per-member traffic.

CLI¶

# Member status:
diagnose sys sdwan member
get system sdwan service

# Live health check:
diagnose sys sdwan health-check

# Session table by member:
diagnose sys session list | grep "member="

# Per-rule decisions:
diagnose sys sdwan service

FortiAnalyzer / FortiCloud¶

For long-term retention and reports: - Connect to FortiAnalyzer (see Send Logs to FortiAnalyzer). - Pre-built reports: "SD-WAN Performance," "Top SaaS Apps," "Failover Events."

Useful Logs¶

Log & Report → System Events — SD-WAN failover events.
Log & Report → Forward Traffic — filter by Source Interface or Destination Interface to see per-member traffic.

Common Issues¶

Latency reported but app feels worse than SLA suggests. SLA target may be far away; measure to actual app endpoint (use Internet Service-based health check).
Dashboard shows wan2 is "Down" but it works. SLA target unreachable from wan2 specifically (e.g. carrier filters ping). Use HTTP-based health check instead.
Traffic going out the wrong WAN. Rule misorder or session pinned from before rule was added. Sessions don't re-evaluate mid-flow.