FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ppatel
Staff
Staff
Description

This article describes how to configure weighted link monitoring.

Scope

Fortigate v7.0.1 onwards.

Solution

- Prior to FortiOS 7.0.1, the link health monitor is determined to be dead when all servers are unreachable.

 

- Starting in 7.0.1, the link health monitor can configure multiple servers and allow each server to have its own weight setting.

Link monitor is considered DOWN only if the weight of all dead servers exceeds the monitor's fail weight threshold.

 

- In the below example, the link monitor is considered 'dead' only when 2 or more servers are DOWN due to the fail-weight configured.

 

# config system link-monito

    edit "test"

        set srcintf "port2"

        set server-config individual

        set gateway-ip 10.5.63.254

        set fail-weight 60

        # config server-lis

            edit 1

                set dst "4.2.2.2"

                set weight 30

            next

            edit 2

                set dst "1.1.1.2"

                set weight 30

            next

            edit 3

                set dst "8.8.8.8"

                set weight 30

            next

        end

    next

end

 

# diag sys link-monitor status

 

Link Monitor: test, Status: dead, Server num(3), HA state: local(dead), shared(dead)

Flags=0x9 init log_downgateway, Create time: Wed Dec 29 21:46:44 2021

Source interface: port2 (4)

Gateway: 10.5.63.254

Interval: 500 ms

Service-detect: disable

Diffservcode: 000000

Class-ID: 0

Fail-weight (60): activated

  Peer: 4.2.2.2(4.2.2.2)

        Source IP(10.5.54.114)

        Route: 10.5.54.114->4.2.2.2/32, gwy(10.5.63.254)

        Fail weight 30 applied

        protocol: ping, state: dead

                Packet lost: 100.000%

                Number of out-of-sequence packets: 0

                Recovery times(0/5) Fail Times(3/5)

                Packet sent: 29, received: 0, Sequence(sent/rcvd/exp): 30/0/0

  Peer: 1.1.1.2(1.1.1.2)

        Source IP(10.5.54.114)

        Route: 10.5.54.114->1.1.1.2/32, gwy(10.5.63.254)

        protocol: ping, state: alive

                Latency(Min/Max/Avg): 18.490/18.946/18.717 ms

                Jitter(Min/Max/Avg): 0.000/0.280/0.093

                Packet lost: 0.000%

                Number of out-of-sequence packets: 0

                Fail Times(0/5)

                Packet sent: 29, received: 29, Sequence(sent/rcvd/exp): 30/30/31

  Peer: 8.8.8.8(8.8.8.8)

        Source IP(10.5.54.114)

        Route: 10.5.54.114->8.8.8.8/32, gwy(10.5.63.254)

        Fail weight 30 applied

        protocol: ping, state: dead

                Packet lost: 100.000%

                Number of out-of-sequence packets: 0

                Recovery times(0/5) Fail Times(3/5)

                Packet sent: 29, received: 0, Sequence(sent/rcvd/exp): 30/0/0

Contributors