Monitor Links Without SD WAN

Forum|Forum|5 years ago
November 12, 2020
2 replies
6577 views

Hello everybody,

I have a Firewall connected to Dual ISP , WAN1 and WAN2:

WAN1 is used by the Staff_NET to go to the Internet.

WAN2 is used by WIFI Client to surf the Internet.

My goals is to :

- Configure the Failover (means Staff-NET VLAN can use WAN2 if WAN1 goes Down and also WIFI client can use WAN1 if their primary link (WAN2) goes Down. --> For that I used "Policy Routes" as follow:

Staff_NET --> WAN1

WIFI_Client --> WAN2

Staff_NET --> WAN2

WIFI_Client --> WAN1

I'm Assuming that rules are read by sequence number. Is this config is correct or there is a better way?

- My second concern is to know how to configure Link Monitor for example ping 8.8.8.8 from WAN1 is there is no response the route will be disabled ?

Any idea ?

Thank you

boneyard

Valued Contributor

any reason you dont want to use SD-WAN?

policy routes are read in order indeed

for the monitoring you will have to go to the CLI only system link-monitor

https://kb.fortinet.com/k....do?externalID=FD44679

moelharrakAuthor

New Member

Thank for your answer ,

Well I don't want to use SD-WAN because I have two unequal Links(WAN1 and WAN2) and I have two LAN Networks , I want LAN1 to use the WAN1 and LAN2 to use the WAN2 this is the company policy for now, BUT we want traffic to use other link only if their Primary WAN that is dedicated for it is DOWN.

This why I see that using Policy routing and Link monitor is the best option.

boneyard

Valued Contributor

SD-WAN should be able to handle unequal links fine, it is quite broad in applications.

but it is your choice, policy routes and link monitor will do something similar. what im missing is the GUI part of it, SD-WAN makes it all a little easier to configure and monitor.

moelharrakAuthor

New Member

Thank all of you for your answers :)

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded