Hey there!
I'm pretty aware of how administrative distance works, but priority confused me a little bit.
When I need to configure a failover between two routes, should the AD be the same and only the priority be changed? Or is the opposite the way to go?
The format of your attachment seems to be broken. But FGTs are not regular routers but firewalls, which might work differently in terms of routing/packet handling. Priority is an FGT-specific function to keep the same routes/prefixes in the routing table, but the highest priority route is used for outbound (inside-initiated) traffic/sessions. If inbound traffic hits the interface which is the outgoing interface of the lower priority route, the returning traffic can still go out through the same interface it came in. If it's a regular router, regardless of which interface it comes in, returning traffic goes out by following the best AD route. With FGTs, it would be blocked by default as "asymmetric routing".
For example, if you have two internet circuits and set a higher priority default route toward the first circuit while the second circuit has a lower priority default route, all internet-bound traffic initiated by internal devices goes through the first circuit. But you can still set up remote-access VPNs (SSL or IPSec) on the interface terminating the second circuit because the default route through the second interface is in the routing table.
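The difference between the two options in the question can be seen in a small model of the behaviour the answer describes. This is an added example, not part of the thread and not FortiOS code: the `Route` class, the function names, the interface names and the addresses are constructed, and it assumes the FortiOS convention that the lower priority number is the preferred route.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Route:
    prefix: str
    device: str     # outgoing interface
    distance: int   # administrative distance
    priority: int   # assumption: lower value is preferred, as in FortiOS

def routing_table(candidates):
    """Per prefix, install only the routes that share the lowest distance."""
    best = {}
    for r in candidates:
        best[r.prefix] = min(best.get(r.prefix, r.distance), r.distance)
    return [r for r in candidates if r.distance == best[r.prefix]]

def covering(table, addr):
    """Installed routes whose prefix contains addr."""
    return [r for r in table if ip_address(addr) in ip_network(r.prefix)]

def egress(table, dst):
    """New inside-initiated session: longest prefix, then lowest priority value."""
    hits = covering(table, dst)
    if not hits:
        return None
    return min(hits, key=lambda r: (-ip_network(r.prefix).prefixlen, r.priority)).device

def rpf_ok(table, src, in_device):
    """Simplified reverse-path check: an installed route back to src via in_device."""
    return any(r.device == in_device for r in covering(table, src))

# Constructed sample: two default routes, wan1 is the preferred circuit.
SAME_AD = [Route("0.0.0.0/0", "wan1", 10, 1), Route("0.0.0.0/0", "wan2", 10, 10)]
DIFF_AD = [Route("0.0.0.0/0", "wan1", 10, 1), Route("0.0.0.0/0", "wan2", 20, 1)]

if __name__ == "__main__":
    for name, routes in (("same AD, different priority", SAME_AD),
                         ("different AD", DIFF_AD)):
        table = routing_table(routes)
        print(name)
        print("  installed:", [r.device for r in table])
        print("  outbound to 198.51.100.7 uses:", egress(table, "198.51.100.7"))
        print("  inbound on wan2 from 203.0.113.50 accepted:",
              rpf_ok(table, "203.0.113.50", "wan2"))
```

In both cases outbound traffic prefers wan1 and falls over to wan2 when the wan1 route is withdrawn; only the same-AD case keeps the wan2 route installed, so sessions arriving on wan2 pass the reverse-path check.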