WAN Failover and Fail-back with VOIP Connections

Forum|Forum|6 years ago
February 28, 2020
2 replies
11431 views

I have a 60E with 2 WAN connections: a coax cable broadband connection on WAN1 and a LTE connection on WAN2. I have fail-over configured and all traffic properly fails over to WAN2 when WAN1 goes offline. The issue is that some of the traffic is VOIP and when WAN1 comes back online, those VOIP connections don't drop and retain their connections through WAN2. How can I force all connections to drop from WAN2 so they are forced to fail back to WAN1?

Here is what my config code looks like:

conf sys link-monitor edit wan1failover set srcintf wan1 set server "8.8.8.8" "1.1.1.1" set gateway-ip "<WAN1-GW>" set interval 20 set failtime 7 set recoverytime 5 set update-cascade-interface enable set update-static-route enable set status enable next edit wan2failover set srcintf wan2 set server "8.8.8.8" "1.1.1.1" set gateway-ip "<WAN2-GW>" set interval 20 set failtime 7 set recoverytime 5 set update-cascade-interface enable set update-static-route enable set status enable end

Toshi_Esumi

SuperUser

It's not because how you set up the failover but becuase how you set up the route to the destination (default route) through wan1 and wan2, and also because the voip has consistent traffic with the server like keepalive even when the phones are idle after registration.

Do you have two default routes in the routing-table when both are up? Then you might want to stop its injection by both circuits (set defaultgw disable) and put two static default-routes in with different distances to have only the main default-route toward wan1 is in the routing table when wan1 is up.

bungerAuthor

New Member

toshiesumi wrote:
Do you have two default routes in the routing-table when both are up? Then you might want to stop its injection by both circuits (set defaultgw disable) and put two static default-routes in with different distances to have only the main default-route toward wan1 is in the routing table when wan1 is up.

I do have 2 default routes:

dest: 0.0.0.0 gw: <wan1-gw> distance: 10 Priority: 0

dest: 0.0.0.0 gw: <wan2-gw> distance: 10 priority: 10

I am not sure the routes are the issue? when wan1 comes back online, all data properly reverts back through that connection... but bc the VOIP connections basically always stay on, the only way to get them to fail back to wan1 is to literally unplug or disable wan2.

What can I add to my config to forcibly drop those VOIP connections when wan1 comes back online? ( and yes, i know it would drop any existing calls )

Toshi_Esumi

SuperUser

That's the design of priority. After wan1 comes back up, when the server side of voip sends something toward the phones to verify if they're still alive with the wan2 public IP, the FGT routes the response from the phones toward wan2 since the route is still there with lower priority. You can't practically stop anything what the server side do. If you sniff voip traffic toward the phones while they're idle you can understand how the sessions are kept up all the time.

beltskyy

Visitor III

I am looking now for the solution of this problem. I have adjusted SD-WAN and when my router is losing connection I am experiencing the same issue. That to resolve it I should clear old sessions of VoIP device on my Fortigate and reboot VoIP device, only after that I have no any issues. VoIP provider offered to me run the script on my Fortigate which will ping their servers and if some of them will be down the script should clear the sessions. For the device they recommended me to adjust variable which define the time when device re-register on their server to every 60 seconds instead of reboot it.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded