We have two Internet links and want to have health monitoring to failover from one to the other if there is an outage. What is the difference between these two functions in FOS 5.6?
[ul]
We are not using any of the SD-WAN features at present as we have some functionality on parts of the network that is not suitable to it (e.g., IP Pools, policy based routes). In this case which should we use?
Also, would using the SD-WAN health-check with no SD-WAN functionality otherwise enabled be likely to cause any odd behaviour?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
So decided on going this route. I will note that the CLI documentation for FOS 5.6 is not accurate on how to set the servers.
config system link-monitor edit "wan2" set srcintf "wan2" set server "4.2.2.6" "8.8.4.4" "9.9.9.10" set gateway-ip <gatewayIP> set timeout 2
set update-cascade-interface disable next edit "wan1" set srcintf "wan1" set server "4.2.2.6" "8.8.4.4" "9.9.9.10" set gateway-ip <gatewayIP> set timeout 2 set update-cascade-interface disable next end
well I guess the link monitor will only monitor the health of your WAN but probably will not do any failover.
If you want failover use WLLB.
I do that like this:
- configure several WAN Interfaces
- create a virtual-wan-link over them with load balancing (i.e. WLLB)
- set some WLLB Conectivity check rules to monitor the WANs.
The Connectivty Checks will make the Loadbalancer know when there is an outtage. It then automtically does "failover" by just using the working WANs until the other one(s) will be back up again.
This works fine here...
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Just an FYI having deployed both, it's not possible to do a primary/failover config with WLLB, as *both* must be active at least partially (can't do a weight of 0 for one link). For many of our branch sites, we'll have a coax primary and a DSL or T1 backup, which we don't want to use unless the primary goes down, so for that, we just do ECMP (equal cost multipath) with 2 static routes same distance but diff priority, and link-monitor to yank the primary if it goes down. Typically ping google quad8 & openDNS.
WLLB has some nicer features like jitter & latency based rules, as well as all the SD-WAN stuff, but again thats more for balancing load between circuits, rather than the scenario above.
@ecsupport: yeah thx for the info. Might be so but I use WLLB hence I do also need loadblanacing over the WANs.
Meanwhile I am not sure if the WLLB Health test does work as intended. It does detect when a WAN is down correctly but I am not sure wether the WLLB uses this info to not route anything over that WAN as long as it is down.
Also I found that deactivating a WAN in WLLB (not the interface itself!) create a SMTP Trap for this WAN being down even though the interface is still up and running.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.