Created on 08-13-2024 12:03 PM Edited on 08-18-2024 12:16 AM By Jean-Philippe_P
Description | This article describes how to troubleshoot the secondary connection which failed to connect to the internet. | |||||||||
Scope | FortiGate. | |||||||||
Solution |
The following are the troubleshooting steps when a secondary (e.g. wan2) WAN connection with static IP address was added on the FortiGate but the internet connection through that interface does not work.
exec ping-options source <w.x.y.z>
exec ping fortinet.com
A successful ping means that the internet is working through that interface.
get router info routing-table all | grep 0.0.0.0
The output should show that the default route of the WAN interface with the DHCP IP address has a distance of 5 and a priority of 1. Furthermore, the secondary WAN interface with a static IP address default route has a distance of 10 and a priority of 1.
The solution is to modify the distance and priority of the wan2 interface or the wan1 interface. To make both default routes available on the routing table, they must have the same distance.
To make internet traffic use wan2 as the default route and maintain wan1 as failover, use the following configuration:
config system interface edit wan1 set distance 10 set priority 10 end
In summary, the ISP connection that obtained the IP address via DHCP will have a distance of 5 and a priority of 1 by default, while the ISP connection with a statically assigned IP address will have a distance of 10 and a priority of 1 by default. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.