Fortigate 100D - failover needs more polish

Forum|Forum|8 years ago
March 8, 2018
1 reply
2779 views

I have a 100D running both a cable connection and T-1 for backup (WAN1&2), and thought I had failover working. Basically I just set the priority higher on the static route for WAN1 and it seemed to work. I don't need nor want load balancing - just failover. I Pull the cable for the WAN1 interface, and it takes one or two pings to flip over at most. Plug it back in, takes a bit longer but it reliably flips back.

So yesterday I get a call the internet is down.....I fix the problem by power cycling the cable modem. Typical routine for business class cable internet, but this is why we invested in failover...which didn't work. When you're processing credit cards 24/7 this needs to work.

I tested it again later in the day after the dust had settled...pulled the WAN1 cable, and the 100D l did it's thing and flipped the appropriate traffic to WAN2 within a few ticks.

So, I'm assuming the state the cable modem was in before power cycling wasn't sufficient to trip the 100D's 'heartbeat' for determining the link was down. How do I fix?

Markus

New Member

Hi, You need to configure link-monitor. FG will only detect interface failure, but no connection failures after the router/cable modem. config system link-monitor edit "1" set srcintf "wan1" set server "www.google.com" set gateway-ip 172.18.5.1 next end You can check with dia sys link-monitor status

Don't forget to duplicate the monitor to the other (fail-over) WAN port, if you don't using zones.

ede_pfau

SuperUser

Actually, device and link failure are both detected but of course a link monitor is the way to go.

BTW, 'priority' in FortiOS translates to 'cost'. So I would expect to see the route with higher priority to point to the backup interface - can you confirm?

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded