Created on 04-12-2019 01:24 AM Edited on 09-18-2024 11:52 PM By Anthony_E
Description
This article describes how link monitor can disable other interface(s) when gateway detection (link monitor) fails and bring them back up when gateway detection (link monitor) succeeds.
Scope
FortiGate.
Solution
In this example, when wan1 gateway detection (link monitor) fails, interface port3 will be disabled.
The objective is:
Static route (default route):
show router static
config router static
    edit 1
        set gateway 192.168.1.1
        set device "wan1"
    next
    edit 2
        set gateway 192.168.2.1
        set device "wan2"
    next
end
Link-monitor (gateway detect):
config system link-monitor
    edit "wan1-ping-server"
        set srcintf "wan1"
        set server "8.8.8.8"
        set update-cascade-interface enable <----- Update cascade interface enable.
        set update-static-route enable <----- Update static route enable.
    next
end
WAN1 interface configuration:
config system interface
    edit "wan1"
        set vdom "root"
        set ip 192.168.1.254 255.255.255.0
        set allowaccess ping https ssh
        set fail-detect enable <----- Enable fail detect.
        set fail-detect-option detectserver link-down <----- Detectserver as link-down.
        set fail-alert-method link-down <----- Fail alert method link-down.
        set fail-alert-interfaces "port3" <----- Independent interface port3; only non-virtual interfaces can be selected.
        set type physical
        set role wan
        set snmp-index 1
    next
end
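As an added example (not Fortinet's code), the following Python check reads a saved configuration, lists which interfaces each monitored interface will take down, and flags entries that lack the settings shown above. It assumes flat config/edit/set blocks as in this article; the sample text, the wan2/port4 entry and the function names are constructed for illustration.

```python
import shlex

# Constructed sample in the article's syntax; "wan2" is deliberately incomplete.
SAMPLE = """
config system link-monitor
    edit "wan1-ping-server"
        set srcintf "wan1"
        set update-cascade-interface enable
    next
end
config system interface
    edit "wan1"
        set fail-detect enable
        set fail-detect-option detectserver link-down
        set fail-alert-interfaces "port3"
    next
    edit "wan2"
        set fail-alert-interfaces "port4"
    next
end
"""

def parse(text):  # flat blocks -> {section: {entry: {option: [values]}}}
    cfg, section, entry = {}, None, None
    for raw in text.splitlines():
        tok = shlex.split(raw)
        if tok[:1] == ["config"]:
            section, entry = cfg.setdefault(" ".join(tok[1:]), {}), None
        elif tok[:1] == ["edit"] and section is not None:
            entry = section.setdefault(tok[1], {})
        elif tok[:1] == ["set"] and entry is not None:
            entry[tok[1]] = tok[2:]
    return cfg

def audit(cfg):  # -> ({monitored interface: interfaces it takes down}, findings)
    ifaces = cfg.get("system interface", {})
    monitors = cfg.get("system link-monitor", {}).values()
    cascade = {n: o["fail-alert-interfaces"] for n, o in ifaces.items() if "fail-alert-interfaces" in o}
    findings = []
    for name in cascade:
        opts = ifaces[name]
        mons = [m for m in monitors if name in m.get("srcintf", [])]
        checks = {  # assumption: an option absent from the input is not treated as "disable"
            "fail-detect is not enabled": opts.get("fail-detect") != ["enable"],
            "fail-detect-option lacks detectserver": "detectserver" not in opts.get("fail-detect-option", []),
            "no link-monitor uses it as srcintf": not mons,
            "update-cascade-interface is disabled": any(m.get("update-cascade-interface") == ["disable"] for m in mons),
        }
        findings += [f"{name}: {msg}" for msg, bad in checks.items() if bad]
    return cascade, findings
```

Calling `audit(parse(SAMPLE))` returns the cascade map for wan1 and wan2 and three findings for wan2; the map is also a quick way to review which internal interfaces depend on the reachability of an external probe target.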
The following System Events can be monitored.
When link-monitor detects link failure:
• Link Monitor initial state is failed, protocol: ping
• Static route on interface wan1 can be removed by link-monitor wan1-ping-server. Route: (192.168.1.254->8.8.8.8 ping-down)
• Link monitor: Interface port3 is turned down
When link-monitor detects link is OK:
• Link Monitor initial state is OK, protocol: ping
• Static route on interface wan1 can be added by link-monitor wan1-ping-server. Route: (192.168.1.254->8.8.8.8 ping-up)
• Link monitor: Interface port3 is turned up
Routes and interface status can be monitored while the link is down and up as follows:
To check all active routes:
get router info routing-table all
To view the physical interface status:
get sys interface physical
To check the link-monitor status:
diag sys link-monitor status