Created on 07-15-2024 07:55 AM Edited on 07-15-2024 07:56 AM By Jean-Philippe_P
Description
By default, a link monitor only removes the route from the routing table when it detects a failure. The tunnel interface stays up, so tunnel failover does not occur.
This article discusses using an automation stitch to disable the tunnel once the route is removed, because the fail-detect method is not available on the IPsec tunnel interface.
Scope
FortiOS 7.0.x, 7.2.x, 7.4.x.
Solution
In this example, the link monitor is configured as follows:
config system link-monitor
GUI: Security Fabric -> Automation.
Automation Trigger:
Automation Trigger CLI:
config system automation-trigger
    edit "Route removed"
end
Automation Action:
Automation action CLI:
config system automation-action
    edit "Disable Tunnel"
Automation Stitch:
Automation stitch CLI:
config system automation-stitch
    edit "Route removed"
Result: