aseques
Visitor III
April 23, 2015
Solved

Multiple IPs in health check?

  • April 23, 2015
  • 3 replies
  • 12309 views

Hello, after reading this and looking into the GUI, it seems that FortiGate only supports monitoring a single IP. This is quite inconvenient because it can be affected by temporary provider issues, rate limiting, or monitored IPs that change (i.e. a public DNS server that stops accepting pings).

Are there any plans to change this? Or is there any workaround so I can have a more stable verification?

    3 replies

    Dave_Hall
    New Member
    April 24, 2015

    I would check the CLI reference guide to see if there are more options available; usually the GUI is limited in what options you can configure from it. Going on your posted link, it seems you are after ldb-monitor.

    But from your description it sounds more like you are after Dead Gateway Detection.

    aseques (Author)
    Visitor III
    July 2, 2015

    Sorry, I forgot to reply. In fact I am after DPD. Thanks to your pointers I checked a bit more and it seems it's not possible to use more than one IP address in the checks; we ended up using Fortinet public ping servers (or Google's 8.8.8.8).

    ede_pfau (Answer)
    SuperUser
    July 2, 2015

    In FortiOS v5.2 this has been moved to

    config system link-monitor
    You can specify multiple server addresses to enhance reliability:
    config system link-monitor
        edit "one"
            set server "8.8.8.8" "8.8.4.4" "1.2.3.4" "5.6.7.8"
            set status disable
        next
    end

    Same applies to FortiOS v5.0:

    config router gwdetect
        edit 1
            set server "8.8.8.8" "8.8.4.4" "1.2.3.4" "5.6.7.8"
        next
    end

    aseques (Author)
    Visitor III
    July 3, 2015

    Oh, you nailed it. It seems that the docs are not specific enough (extracted from here) and only mention 'addresses', but in the format it states that you should put server <ipv4_addr_str>:

    server <ipv4_addr_str> Enter the IP addresses of the servers to be monitored. No default.

    Thank you so much!

    ede_pfau
    SuperUser
    July 3, 2015

    I'm happy I could help. Good question.

    When I once configured DGD with only one ping server, it caused a WAN line failure just because they took the server down for maintenance... and I had no clue why the internet access was broken. Not nice.

    Now, the only other trouble with DGD is that it tears down static routes, as it should, but not policy routes. That is, as far as I know and the docs tell me. Traffic would still be diverted to an interface which is proven without connectivity, and backup routes will not apply here.
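
The false failover described in this thread can be reproduced with a small model. This is an added example, not FortiOS code and not from any poster; it assumes a probe round fails only when none of the configured servers replies, and the `failtime`/`recoverytime` counters, class and function names, and the probe scenario are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class LinkMonitor:
    """Toy model of a multi-target link monitor (not FortiOS code)."""
    servers: tuple            # probe targets
    failtime: int = 3         # consecutive failed rounds before "down"
    recoverytime: int = 2     # consecutive good rounds before "up" again
    up: bool = True
    _bad: int = 0
    _good: int = 0

    def probe_round(self, reachable):
        """Feed one probe round; `reachable` is the set of servers that replied.

        Assumption: a round fails only if NO configured server replied.
        """
        ok = any(s in reachable for s in self.servers)
        if ok:
            self._good, self._bad = self._good + 1, 0
            if not self.up and self._good >= self.recoverytime:
                self.up = True
        else:
            self._bad, self._good = self._bad + 1, 0
            if self.up and self._bad >= self.failtime:
                self.up = False
        return self.up

def simulate(servers, rounds):
    """Return the link state after each round for a monitor on `servers`."""
    mon = LinkMonitor(servers=tuple(servers))
    return [mon.probe_round(r) for r in rounds]

def false_failovers(states):
    """Count up->down transitions in a run where the link itself never failed."""
    return sum(1 for a, b in zip([True] + states, states) if a and not b)

# Constructed scenario: the WAN link is healthy throughout, but 8.8.8.8
# stops answering pings for five rounds (maintenance or rate limiting).
ALL = {"8.8.8.8", "8.8.4.4"}
ROUNDS = [ALL] * 2 + [{"8.8.4.4"}] * 5 + [ALL] * 3

if __name__ == "__main__":
    for name, targets in (("single", ["8.8.8.8"]), ("multi", ["8.8.8.8", "8.8.4.4"])):
        states = simulate(targets, ROUNDS)
        print(name, "false failovers:", false_failovers(states), states)
```

With a single target the monitor declares a healthy link down once; with two targets it stays up, and it still goes down when both targets stop replying.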