20 Questions
Passive monitoring measures the performance of members based on
Probe-free approach
Passive monitoring is more accurate than active monitoring because
It measures member performance based on actual traffic
Passive monitoring simplifies configuration and reduces network traffic by
Using a probe-free approach
Passive monitoring measures packet loss, latency, and jitter based on
TCP traffic
Active monitoring requires you to configure
Target servers and protocols
Active monitoring can result in complex SD-WAN configurations when
Configuring multiple health checks and members
Passive monitoring is disabled for hardware acceleration because
Members are always alive
The limitations of passive monitoring include
Only measuring TCP traffic
Active monitoring generates more monitoring traffic than passive monitoring because
It uses probes for each health check
Configuring a ping probe to monitor the health of a member used for web traffic
Doesn't provide accurate performance metrics
Which method is used to calculate latency in passive monitoring?
RTT of TCP connection setup and teardown
What are the metrics calculated based on TCP header information in passive monitoring?
Jitter and packet loss
What does passive monitoring not detect?
Dead members
What needs to be enabled on firewall policies for passive monitoring?
Passive-wan-health-measurement
What is automatically disabled when passive-wan-health-measurement is enabled?
Auto-asic-offload
What does passive monitoring provide more accurate member metrics based on?
Actual traffic passing through the members
What may affect the steering decisions made by FortiGate for SD-WAN rules configured for specific applications?
Lack of granularity
What does per-application passive monitoring instruct FortiGate to do?
Measure the member quality based on the performance of applications
What does FortiGate do if multiple applications use the same member in per-application passive monitoring?
Averages the metrics measured for all applications
What needs to be enabled in SD-WAN rules for per-application passive monitoring?
Passive-measurement
Study Notes
Passive Monitoring vs Active Monitoring
- Passive monitoring is more accurate than active monitoring
- Passive monitoring simplifies configuration and reduces network traffic
- Active monitoring requires configuration and can result in complex SD-WAN configurations when multiple probes are used
- Active monitoring generates more monitoring traffic than passive monitoring
How Passive Monitoring Works
- Measures packet loss, latency, and jitter based on TCP header information
- Calculates latency using the TCP three-way handshake
- Metrics calculated based on TCP header information include packet loss, latency, and jitter
Limitations of Passive Monitoring
- Does not detect application-specific issues
- Disabled for hardware acceleration
- Limited to measuring TCP-based applications
- Firewall policies must enable UDP 37777 for passive monitoring
Per-Application Passive Monitoring
- Instructs FortiGate to monitor application-specific traffic
- If multiple applications use the same member, FortiGate chooses the best member based on application-specific steering decisions
- SD-WAN rules must enable passive-wan-health-measurement for per-application passive monitoring
- Automatically disables automatic WAN routing when enabled
Test your knowledge on passive monitoring and probe-free performance monitoring with this quiz. Learn about the benefits of accurate measuring, simplified configuration, and reduced network traffic. Discover the limitations such as measuring only TCP traffic and basing latency, jitter, and packet loss on TCP headers. Explore the concept of member state detection and the hardware acceleration involved.