Veky
New Member
October 5, 2011
Question

Static route tracking

Hello, does FortiGate support static route tracking or any way of implementing it? I would like to create a default route and a backup route and make FortiGate monitor a target using ICMP. If there is no reply, FG should use the backup route instead. Thank you in advance.


    ede_pfau
    SuperUser
    October 5, 2011
    Hi, and welcome to the forums. Yes, FortiOS supports backup routes. You set up 2 (default) routes with the backup route having a higher priority (I always get dazzled at that point - with Fortinet, 'priority' is meant as 'cost'). Then in the interface configuration you check 'Gateway detection'. You can choose ping, UDP or TCP 'hello' packets as ICMP sometimes is blocked on the next hop router. As soon as a predefined number of packets are missing the route is removed from the forwarding table and the 'floating' backup route is used. The gateway is checked periodically so that when the connection comes back up the main route is inserted and used again. Check the FortiOS Handbook for your version of FortiOS, chapter on Routing and Advanced Routing. And don't take my word on the definition of 'priority'...
    Veky (Author)
    New Member
    October 13, 2011
    Thanks for replying. I forgot to mention this would be used for a configuration with two VPN tunnels (using interface mode). Gateway detection is not supported for a virtual interface.
    ede_pfau
    SuperUser
    October 13, 2011
    Gateway detection is not supported for a virtual interface
    That's only half correct. VLAN interfaces are virtual and are supported. VPN interfaces don't need this feature as the tunnel status is monitored all the time (no idle time without monitoring). So if a tunnel goes down the corresponding route should be removed from the routing table. But static routes will stay. To prevent traffic flowing out the WAN interface I always install blackhole routes for the private LANs used in VPNs.
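
Added example, not part of the thread and not posted by any participant: the blackhole-route safeguard mentioned in the last reply, written as a FortiOS CLI fragment. The tunnel interface name `vpn-branch`, the remote subnet 10.20.0.0/24, the route IDs and the distance values are constructed for illustration, and the lines starting with `#` are annotations for the reader, not commands.

```fortios
config router static
    # Constructed example: route to the remote private LAN through the
    # interface-mode VPN tunnel (hypothetical interface name).
    edit 10
        set dst 10.20.0.0 255.255.255.0
        set device "vpn-branch"
        set distance 10
    next
    # Blackhole route for the same prefix with a higher (worse) distance,
    # so it is only used when the tunnel route is not active.
    edit 11
        set dst 10.20.0.0 255.255.255.0
        set blackhole enable
        set distance 254
    next
end
```

While the tunnel route is active it is preferred because of its lower distance; once it is no longer in the routing table, the blackhole route matches the private prefix and the traffic is dropped instead of following the default route out the WAN interface. The active routes can be checked with `get router info routing-table all`.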