Member metrics are measured only if an SLA target is configured.

SLA targets are used only by SD-WAN rules that are configured with Lowest Cost (SLA) or Maximize Bandwidth (SLA) as strategy.

When configuring an SD-WAN rule, you can select multiple SLA targets of the same performance SLA.

SD-WAN rules use SLA targets to check if the preferred members meet the SLA requirements.

Member interfaces that are administratively down

Member interface that have IP address of 0.0.0.0/0.0.0.0

Member interfaces that are physical interfaces as well as VLAN aggregate, and iPsec interfaces

Member interfaces that are referenced by any other configuration element

diagnose sys virtual-wan-link service

get router info routing-table

diagnose debug application ike

get ipsec tunnel list

The debug output shows per-IP shaper values and real-time readings.

FortiGate provides statistics and reading based on historical traffic logs.

Traffic being controlled by the traffic shaper is under 100 KB/s.

This traffic shaper drops traffic that exceeds the set limits.

On the hub VPN, only the device needs additional phase one sett

ADVPN should only be enabled on unmanaged FortiGate devices.

Each VPN device has a unique pre-shared key configured separately on phase one

The protected subnets should be set to address object to all (0.0 .0. 0/0).

The type of traffic defined and allowed on firewall policy ID 1 is UDP.

FortiGate has terminated the session after a change on policy ID 1.

Changes have been made on firewall policy ID 1 on FortiGate.

Firewall policy ID 1 has source NAT disabled.

port2 is referenced in a static route.

port1 is assigned a manual IP address.

port1 and port2 are not administratively down.

port1 is referenced in a firewall policy.