I have a 60D running 5.2.3. I have two WAN connections, one for all the VoIP and the other for all other data. The VoIP network moves all its traffic out the voice WAN and all other networks move data out the data WAN. If the voice WAN goes down, then all the voice traffic is rerouted out the data WAN. When the voice WAN comes back up, the traffic is rerouted back to the voice WAN. The same goes for the data WAN: when it fails, it goes to the voice WAN, then back to the data WAN when it comes back up. I have all this working as expected right now.
My problem is that when the WAN link is restored, none of the failed-over sessions are rerouted back to their proper interface until there is a new session created. This means that it is possible for traffic to be routed out the wrong interface for a long time. How do I get these failed-over sessions to terminate and create new sessions going out the proper WAN interface when that WAN interface comes back up? I can do this with my Cisco router automatically, but I need to get this same behavior with the FortiGate.
Thank you in advance,
AFAIK: That's the default behaviour in FGT.
Once the session is created the FGT will keep using the same route for all the traffic for that session and does not perform a route lookup until the session is valid. (The FGT is offloading the session to NP, this improves the performance as FGT doesn't need to perform route lookups quite often.)
Once the session expires, whenever a new packet arrives the FGT will perform a route lookup, and in this case it will assign the exit interface accordingly.
I would not recommend it, but you could reduce the session lifetime and/or disable the offloading.
Hope it helps,
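
The behaviour described in this reply, as an added Python model that is not part of either post and is not FortiOS code: the egress interface is chosen once per session and looked up again only after the session expires. The interface names, timings, the assumption that each packet refreshes the session timer, and the assumption that sessions on a failed link are dropped are all constructed for illustration.

```python
# Added model, not FortiOS code: egress is cached per session at creation.
from dataclasses import dataclass

@dataclass
class Session:
    egress: str       # interface chosen by the route lookup at session creation
    last_seen: float  # assumption: every packet refreshes the session timer

class Firewall:
    def __init__(self, ttl, preferred="wan_voice", backup="wan_data"):
        self.ttl, self.preferred, self.backup = ttl, preferred, backup
        self.link_up = {preferred: True, backup: True}
        self.sessions = {}  # flow id -> Session

    def route_lookup(self):
        return self.preferred if self.link_up[self.preferred] else self.backup

    def set_link(self, iface, up):
        self.link_up[iface] = up
        if not up:  # assumption: sessions on a dead link are dropped (failover works)
            self.sessions = {f: s for f, s in self.sessions.items()
                             if s.egress != iface}

    def forward(self, flow, now):
        s = self.sessions.get(flow)
        if s is None or now - s.last_seen > self.ttl:
            s = self.sessions[flow] = Session(self.route_lookup(), now)
        s.last_seen = now  # an existing session never triggers a route lookup
        return s.egress

def simulate(ttl, packet_interval, fail_at=60, restore_at=120, end=600):
    """Trace one flow as (time, egress) while the voice WAN fails and returns."""
    fw, trace = Firewall(ttl), []
    events = [(fail_at, False), (restore_at, True)]
    for t in range(0, end + 1, packet_interval):
        while events and events[0][0] <= t:
            fw.set_link("wan_voice", events.pop(0)[1])
        trace.append((t, fw.forward("call-1", t)))
    return trace

def seconds_on_wrong_wan(trace, restore_at=120):
    """How long after restoration the flow was still seen on the backup WAN."""
    late = [t for t, egress in trace if t >= restore_at and egress == "wan_data"]
    return max(late) - restore_at if late else 0

if __name__ == "__main__":
    print(seconds_on_wrong_wan(simulate(ttl=300, packet_interval=20)))  # steady call
    print(seconds_on_wrong_wan(simulate(ttl=30, packet_interval=45)))   # short TTL
```

In this model a flow that keeps sending packets never expires, so it stays on the backup WAN for the rest of the run, while a flow whose gaps exceed the session lifetime returns to the preferred WAN on its next packet.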