Skip to main content
sfareg
sfareg
New Member
March 20, 2017
Question

how can find failover at version 5.4

  • March 20, 2017
  • 4 replies
  • 14649 views

i have two isp

i want wan1 is primary and wan2 is backup work if wan1 down

this is a found at version 5.4 but not work correct

 

4 replies

MikePruett
MikePruett
New Member
March 23, 2017

I, personally, would do this.   create a zone titled OUTSIDE   place primary internet provider and secondary internet provider in there.   Create two default routes, one to the primary and one to the secondary. Make the secondary have a slightly higher "priority" which in FortiOS just means cost.   Configure link health monitoring through CLI for each connection. If primary WAN fails the configured number of times then it will yank the route and use the backup line.   below is how to configure the link monitor   config system link-monitor edit "wan1fail" set srcintf "wan1" set server "8.8.8.8" set interval 3 set failtime 10 set recoverytime 10 set update-cascade-interface disable set protocol ping next end

sfareg
sfaregAuthor
New Member
March 25, 2017

thanks for help

this my step can you check

 

 

MikePruett
MikePruett
New Member
March 27, 2017

The firewall I'm behind may be blocking your images (they are showing as broken for me). I will check this thread when at the house and see if I can view them then.

joepope
joepope
New Member
May 8, 2017

Here is what I did and it appears to work:

For Primary ISP link, create a static default route, with Administrative Distance as 10 Priority 0

For Second ISP Link, create a static default route, with Administrative Distance as 10 Priority 10

 

If the Primary ISP is down, the traffic will be routed automatically to the Second ISP.  I do this and only drop a single ping for the failover.

 

Joe

Xcage
Xcage
New Member
June 29, 2017

Hey sfareg , i think this thread would be helpful for you

 

https://forum.fortinet.com/tm.aspx?m=120296

 

basically it says that you need to set higher distance for the interface you want to fail-over TO and lower for the interface that you want to failover from, also you need to set Health checks for interfaces for that to work.

Allan_Lago
Allan_Lago
New Member
September 3, 2017

Hi, sfareg.

 

First you have to configure the WAN1 and WAN2 routes with the same distance but you have to set a smaller priority to WAN1.

Same distance = The two link will stay up at the same time

Smaller priority means = The traffic will go trought WAN1 as long it is alive.

 

After you done this you have to set just like you set, and then configure the WAN status check for both interfaces.

 

Obs: If your links use static ip address than you have to configure distance and priority on the static route, otherwise you have to do it throught the CLI direcly on the interface configuration.

 

configure system interface

edit wan2

set distance x

set priority y

end

 

hope it helps

 

 

Terms & ConditionsAccessibility statement