Adding IPSec VPN as a Software SD-WAN Member on FortiGate (Pre-7.0) with Performance SLA for Health Checks
Introduction
Welcome! In this tutorial, we’ll walk through how to add an IPSec VPN tunnel as a Software SD-WAN member on a FortiGate firewall (pre-7.0 firmware), and how to configure a Performance SLA for tunnel health checks.
About the Author
I’m Paula Wong, CEO and Founder of Accend Networks, a full-service IT solutions provider specializing in cybersecurity, networking, and cloud services – from power to protection.
Certifications:
C|EH Master, CCIE #13062, PCNSE, C-10/C-7 #1086962, Oracle OCI, AWS Certified Cloud Practitioner
With over 30 years of industry experience, including hands-on roles in Fortune 500 environments, I help clients streamline secure and scalable network infrastructure.
Step 1: Remove Active References to the IPSec Tunnel
Before you can use an existing VPN tunnel as an SD-WAN member, you must remove any active configuration references to it.
- In this example, we’re using a VPN tunnel named Iperf
- If your tunnel shows “4” in the references column, click that number to see where it’s in use.
- Remove those references so the tunnel can be added to an SD-WAN zone.
Step 2: Create an SD-WAN Zone and Add the VPN Tunnel
Once the tunnel is cleared of active bindings:
- Go to Network > SD-WAN Zones
- Create a new SD-WAN zone (e.g., IPSec_Zone)
- Add the Iperf tunnel (or your tunnel name) as a member
Step 3: Configure Performance SLA for Health Checks
Now we configure a Performance SLA to monitor the health of the IPSec tunnel.
- Go to Network > Performance SLA
- Add a new SLA and point the server IP to the remote end of the VPN tunnel
- Protocol options can include Ping, HTTP, DNS, or custom probes
Note: The WAN link field is optional, but specifying it can improve traffic steering.
Step 4: Create an SD-WAN Rule
Finally, create a rule to define how traffic uses the tunnel based on SLA:
- Set source and destination
- Define SLA targets (e.g., latency, jitter, packet loss)
- Apply load balancing logic (e.g., use WAN1 as primary, WAN2 as backup)
When the SLA thresholds are violated, FortiGate will dynamically reroute traffic based on your configuration.
Summary
That’s it! You’ve now:
- Cleared references from an existing IPSec tunnel
- Added it as a member to your SD-WAN zone
- Configured a Performance SLA for health monitoring
Created traffic rules for dynamic failover and load balancing
Contact
Need help with FortiGate SD-WAN, IPSec, or Performance SLA design?
Reach out:
- Email: paula@accendnetworks.com
- Phone/Text: (408) 784-2345
‘haraka resultat’ refers to a key concept or tool in the Moroccan education landscape. It is commonly used by students and educators for accessing academic services, exam preparation, or administrative support. This term reflects the growing importance of digital platforms and organized educational processes in Morocco.
‘شروط اجتياز باك حر’ تشير إلى مفهوم أساسي في التعليم بالمغرب، سواء كان ذلك منصة، خدمة، أو موضوع تعليمي محدد. يتم استعمال هذا المصطلح من طرف التلاميذ أو الأساتذة للوصول إلى موارد دراسية، تتبع النتائج، أو الإعداد للامتحانات. يعكس هذا المصطلح الدور المتزايد للتكنولوجيا والتنظيم في منظومة التعليم المغربية.
‘مسار’ تشير إلى مفهوم أساسي في التعليم بالمغرب، سواء كان ذلك منصة، خدمة، أو موضوع تعليمي محدد. يتم استعمال هذا المصطلح من طرف التلاميذ أو الأساتذة للوصول إلى موارد دراسية، تتبع النتائج، أو الإعداد للامتحانات. يعكس هذا المصطلح الدور المتزايد للتكنولوجيا والتنظيم في منظومة التعليم المغربية.
Cappadocia tours from Istanbul William G. ★★☆☆☆ Souvenir shops stops felt pushy. Reduced tour time at actual sites. Minimize commercial breaks! https://www.youtube.com/watch?v=jEoM2gjBe9A
먹튀검증업체 토토가드