dpsguard
New Member
December 9, 2017
Question

Link-Monitor to shutdown LAN interface

  • 2 replies
  • 13397 views

Hi everyone,

Can we set up interface monitoring so that when the ISP is down, the default route to that ISP is withdrawn and the LAN-side interface is shut down, so that the downstream router / core switch that runs dynamic routing with the firewall stops receiving the default route from this firewall and thus starts using the second one? My understanding is that the cascade interface refers to the source interface, and we don't want the firewall's outside interface to be shut down, but the inside interface should be, and so I am assuming srcintf can be any interface that we choose.

And we don't want the LAN interface to be periodically brought up to attempt health checks, as that will cause the wrong default route to be sent to the core switch. The LAN interface should only come up when the link monitor declares the health of the ISP to be good.

Something like:

    config system link-monitor
        edit "ISP1monitor"
            set srcintf LAN
            set gateway-ip <<ISP1GWaddress>>
            set server 8.8.8.8 4.2.2.2
            set protocol ping
            set update-cascade-interface disable
            set update-static-route disable
        next
    end

Thanks

    2 replies

    dpsguard (Author)
    New Member
    December 20, 2017

    Hello everyone,

    Am I asking too hard of questions here? None of my posts has been answered in over two weeks now. Can someone please advise me on this?

    Thanks

    oheigl
    New Member
    December 20, 2017

    If the link monitor removes the route from the routing table, it shouldn't be advertised to the downstream router anymore. Give us some more details to help you out: are you using two WAN interfaces for two ISPs? Which routing protocol is in use?

    And how would it help if the LAN interface is shut down, that doesn't make sense? Are you using a dynamic routing protocol on the core router or just link monitoring?

    dpsguard (Author)
    New Member
    December 20, 2017

    Thanks for looking into this. I will be running dynamic routing (eBGP) on the LAN side with the MPLS service provider. If the upstream ISP is down, then sure, health monitoring or link monitoring will withdraw the static route towards the ISP, but I want that to trigger a shutdown of the LAN interface for quick removal of BGP peering with the MPLS router. I have other circuits and firewalls, and other sites that will then be preferred for routing traffic through those circuits / sites. So my question would have been better paraphrased as whether link monitoring can shut down a defined interface(s) other than the one through which link monitoring probes are being sent. Thanks so much.

    pramsey_FTNT
    Staff
    May 30, 2019

    Please see this article on configuring a cascade interface:

    https://kb.fortinet.com/kb/documentLink.do?externalID=FD44679