Adding IPSec VPN as a Software SD-WAN Member on FortiGate (Pre-7.0) with Performance SLA for Health Checks
Introduction
Welcome! In this tutorial, we’ll walk through how to add an IPSec VPN tunnel as a Software SD-WAN member on a FortiGate firewall (pre-7.0 firmware), and how to configure a Performance SLA for tunnel health checks.
About the Author
I’m Paula Wong, CEO and Founder of Accend Networks, a full-service IT solutions provider specializing in cybersecurity, networking, and cloud services – from power to protection.
Certifications:
C|EH Master, CCIE #13062, PCNSE, C-10/C-7 #1086962, Oracle OCI, AWS Certified Cloud Practitioner
With over 30 years of industry experience, including hands-on roles in Fortune 500 environments, I help clients streamline secure and scalable network infrastructure.
Step 1: Remove Active References to the IPSec Tunnel
Before you can use an existing VPN tunnel as an SD-WAN member, you must remove any active configuration references to it.
- In this example, we’re using a VPN tunnel named Iperf
- If your tunnel shows “4” in the references column, click that number to see where it’s in use.
- Remove those references so the tunnel can be added to an SD-WAN zone.
Step 2: Create an SD-WAN Zone and Add the VPN Tunnel
Once the tunnel is cleared of active bindings:
- Go to Network > SD-WAN Zones
- Create a new SD-WAN zone (e.g., IPSec_Zone)
- Add the Iperf tunnel (or your tunnel name) as a member
Step 3: Configure Performance SLA for Health Checks
Now we configure a Performance SLA to monitor the health of the IPSec tunnel.
- Go to Network > Performance SLA
- Add a new SLA and point the server IP to the remote end of the VPN tunnel
- Protocol options can include Ping, HTTP, DNS, or custom probes
Note: The WAN link field is optional, but specifying it can improve traffic steering.
Step 4: Create an SD-WAN Rule
Finally, create a rule to define how traffic uses the tunnel based on SLA:
- Set source and destination
- Define SLA targets (e.g., latency, jitter, packet loss)
- Apply load balancing logic (e.g., use WAN1 as primary, WAN2 as backup)
When the SLA thresholds are violated, FortiGate will dynamically reroute traffic based on your configuration.
Summary
That’s it! You’ve now:
- Cleared references from an existing IPSec tunnel
- Added it as a member to your SD-WAN zone
- Configured a Performance SLA for health monitoring
Created traffic rules for dynamic failover and load balancing
Contact
Need help with FortiGate SD-WAN, IPSec, or Performance SLA design?
Reach out:
- Email: paula@accendnetworks.com
- Phone/Text: (408) 784-2345
I’ll definitely come back and read more of your content.
Very useful tips! I’m excited to implement them soon.
I love how clearly you explained everything. Thanks for this.
Your content always adds value to my day.
Such a thoughtful and well-researched piece. Thank you.
I enjoyed every paragraph. Thank you for this.
I enjoyed your perspective on this topic. Looking forward to more content.
Your writing style makes complex ideas so easy to digest.
So simple, yet so impactful. Well written!
This content is really helpful, especially for beginners like me.
I appreciate your unique perspective on this.
Your tips are practical and easy to apply. Thanks a lot!
Thank you for making this topic less intimidating.
I never thought about it that way before. Great insight!
What a helpful and well-structured post. Thanks a lot!
Thanks for sharing your knowledge. This added a lot of value to my day.
I love how practical and realistic your tips are.
I appreciate the depth and clarity of this post.
This article came at the perfect time for me.
This gave me a whole new perspective on something I thought I already understood. Great explanation and flow!
Thank you for making this topic less intimidating.
I love how well-organized and detailed this post is.
I wasn’t expecting to learn so much from this post!
You really know how to connect with your readers.
You have a real gift for explaining things.
I appreciate the honesty and openness in your writing.
Thank you for offering such practical guidance.
I’ll definitely come back and read more of your content.
I love how clearly you explained everything. Thanks for this.
I wasn’t expecting to learn so much from this post!
This topic really needed to be talked about. Thank you.
I’ve read similar posts, but yours stood out for its clarity.
Your articles always leave me thinking.
You have a real gift for explaining things.
You’ve sparked my interest in this topic.
This post cleared up so many questions for me.
I appreciate how genuine your writing feels. Thanks for sharing.
This post gave me a new perspective I hadn’t considered.
You clearly know your stuff. Great job on this article.
You bring a fresh voice to a well-covered topic.
You write with so much clarity and confidence. Impressive!
This was very well laid out and easy to follow.
Thanks for sharing your knowledge. This added a lot of value to my day.
I hadn’t considered this angle before. It’s refreshing!
This was really well done. I can tell a lot of thought went into making it clear and user-friendly. Keep up the good work!
This content is gold. Thank you so much!
Thank you for being so generous with your knowledge.
Thank you for being so generous with your knowledge.
This was very well laid out and easy to follow.
Keep writing! Your content is always so helpful.