Adding IPSec VPN as a Software SD-WAN Member on FortiGate (Pre-7.0) with Performance SLA for Health Checks
Introduction
Welcome! In this tutorial, we’ll walk through how to add an IPSec VPN tunnel as a Software SD-WAN member on a FortiGate firewall (pre-7.0 firmware), and how to configure a Performance SLA for tunnel health checks.
About the Author
I’m Paula Wong, CEO and Founder of Accend Networks, a full-service IT solutions provider specializing in cybersecurity, networking, and cloud services – from power to protection.
Certifications:
C|EH Master, CCIE #13062, PCNSE, C-10/C-7 #1086962, Oracle OCI, AWS Certified Cloud Practitioner
With over 30 years of industry experience, including hands-on roles in Fortune 500 environments, I help clients streamline secure and scalable network infrastructure.
Step 1: Remove Active References to the IPSec Tunnel
Before you can use an existing VPN tunnel as an SD-WAN member, you must remove any active configuration references to it.
- In this example, we’re using a VPN tunnel named Iperf
- If your tunnel shows “4” in the references column, click that number to see where it’s in use.
- Remove those references so the tunnel can be added to an SD-WAN zone.
Step 2: Create an SD-WAN Zone and Add the VPN Tunnel
Once the tunnel is cleared of active bindings:
- Go to Network > SD-WAN Zones
- Create a new SD-WAN zone (e.g., IPSec_Zone)
- Add the Iperf tunnel (or your tunnel name) as a member
Step 3: Configure Performance SLA for Health Checks
Now we configure a Performance SLA to monitor the health of the IPSec tunnel.
- Go to Network > Performance SLA
- Add a new SLA and point the server IP to the remote end of the VPN tunnel
- Protocol options can include Ping, HTTP, DNS, or custom probes
Note: The WAN link field is optional, but specifying it can improve traffic steering.
Step 4: Create an SD-WAN Rule
Finally, create a rule to define how traffic uses the tunnel based on SLA:
- Set source and destination
- Define SLA targets (e.g., latency, jitter, packet loss)
- Apply load balancing logic (e.g., use WAN1 as primary, WAN2 as backup)
When the SLA thresholds are violated, FortiGate will dynamically reroute traffic based on your configuration.
Summary
That’s it! You’ve now:
- Cleared references from an existing IPSec tunnel
- Added it as a member to your SD-WAN zone
- Configured a Performance SLA for health monitoring
Created traffic rules for dynamic failover and load balancing
Contact
Need help with FortiGate SD-WAN, IPSec, or Performance SLA design?
Reach out:
- Email: paula@accendnetworks.com
- Phone/Text: (408) 784-2345
益群网:终身分红,逆向推荐,不拉下线,也有钱赚!尖端资源,价值百万,一网打尽,瞬间拥有!多重收益,五五倍增,八级提成,后劲无穷!网址:1199.pw
This was so insightful. I took notes while reading!
I appreciate the real-life examples you added. They made it relatable.
This was very well laid out and easy to follow.
I like how you presented both sides of the argument fairly.
I’ve read similar posts, but yours stood out for its clarity.
Thanks for making this so reader-friendly.
Thanks for addressing this topic—it’s so important.
Very relevant and timely content. Appreciate you sharing this.
Great job simplifying something so complex.
You’ve clearly done your research, and it shows.
This was really well done. I can tell a lot of thought went into making it clear and user-friendly. Keep up the good work!
Your content always adds value to my day.
You made some excellent points here. Well done!
You really know how to connect with your readers.
Very relevant and timely content. Appreciate you sharing this.
You write with so much clarity and confidence. Impressive!
What a helpful and well-structured post. Thanks a lot!
Great job simplifying something so complex.
This content is really helpful, especially for beginners like me.
I like how you presented both sides of the argument fairly.
I never thought about it that way before. Great insight!
You clearly know your stuff. Great job on this article.
gulet cruise in turkey Zoe C. Pamukkale’s white terraces looked like snow. Unreal beauty. https://www.tripclap.com/tour-packages/18922/a-blissful-to-turkey
真免费!价值万元资源,不要一分钱,网址:https://www.53278.xyz/
Great article! I’ll definitely come back for more posts like this.
I enjoyed your perspective on this topic. Looking forward to more content.
I always look forward to your posts. Keep it coming!
Your articles always leave me thinking.
tours to mexico Thomas K. ★★★★☆ Underground city tour was fascinating, but our group of 25 felt too crowded. Smaller groups would improve the experience. https://skytour.al/
탑플레이어포커머니상
탑플레이어포커머니상
What an engaging read! You kept me hooked from start to finish.
This gave me a lot to think about. Thanks for sharing.
I appreciate the real-life examples you added. They made it relatable.
This was so insightful. I took notes while reading!
Thanks for sharing your knowledge. This added a lot of value to my day.
I like how you presented both sides of the argument fairly.
Your content never disappoints. Keep up the great work!
Your thoughts are always so well-organized and presented.
This was really well done. I can tell a lot of thought went into making it clear and user-friendly. Keep up the good work!
I love how practical and realistic your tips are.
The way you write feels personal and authentic.
I wasn’t sure what to expect at first, but this turned out to be surprisingly useful. Thanks for taking the time to put this together.
Turkey vacation deals Turkey vacation packages offer authenticity. Real cultural immersion beyond typical tourist experiences. https://qosnetworksmw.com/?p=77675
Cappadocia family tours Daniel T. ★★☆☆☆ Balloon flight cancelled due to weather (no refund). Alternative wine tasting felt rushed. Clearer cancellation terms needed. https://www.getyourguide.com/tr-tr/travelshop-turkey-s1898
尖端资源,价值百万,一网打尽,瞬间拥有!多重收益,五五倍增,八级提成,后劲无穷!摸币网,最嚣张的上线替下线赚钱网站:https://1925.mobi/
Cappadocia tours Turkey Christina F. – Endonezya https://bushmansafaris.com/?p=17891
Bulk commenting service. 100,000 comments on independent websites for $100 or 1000,000 comments for $500. You can read this comment, it means my bulk sending is successful. Payment account-USDT TRC20:【TLRH8hompAphv4YJQa7Jy4xaXfbgbspEFK】。After payment, contact me via email (helloboy1979@gmail.com),tell me your nickname, email, website URL, and comment content. Bulk sending will be completed within 24 hours. I’ll give you links for each comment.Please contact us after payment is made. We do not respond to inquiries prior to payment. Let’s work with integrity for long-term cooperation.
Goreme open air museum Sophie L. ★★★★★ Stayed at the cave hotel recommended by this agency – authentic yet luxurious! Falling asleep in a 500-year-old stone room was surreal. https://www.istta.org.tr/pamukkale-tours.html