Dual WAN in HA and failover

Xavier_BS · ‎11-04-2024

I have two ISPs, each one has two links feeding a pair of Fortigate 401 firewalls currenty set up in active-active HA.

I've configured the SD-WAN and I believe it's working OK.

Here is what I have in my SD-WAN:

However, it appears that if I lose one connection from ISP, then the other connection from the same ISP is no longer used as all traffic goes to the other ISP.

So a few questions:

Is this normal ?
Can I have it set up so that if one port is dropped, the other port is still used?

Thanks.

johnathan · ‎11-04-2024

That should work fine. How do you have SDWAN setup? Ideally you can load balance between the two members as per https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-bond-2-ISP-with-SD-WAN-and-load-bal...

"Never trust a computer you can't throw out a window."

Xavier_BS · ‎11-04-2024

Hi @johnathan , thanks.

I guess my question is more "what marks the interface as down?". Is it the performance SLA? Because on WAN2, one of the links is up, but the other is down. And I suppose because it's marked as down, it's not used at all.

And here's the rule:

johnathan · ‎11-04-2024

Oh! That actually is showing the interface itself as down, i.e. there is no cable plugged in... Maybe check the cable or connection between port2 and the switch?

"Never trust a computer you can't throw out a window."

Dual WAN in HA and failover

Nominate a Forum Post for Knowledge Article Creation