Hi! Please Forgive my Bad and Poor English!!!
I have a FG 60 (Fortigate-60 3.00,build8509,070705) with a Dual WAN connection and one "LocalLan". I have a static IP with one of the ISPs and an automatically assigned (DHCP) address with the other ISP (reserved at the ISP to always use the same).
I set up a Dual WAN scenario with Link Redundancy as described in [link=]http://kc.forticare.com/default.asp?id=376&SID=&Lang=1[/link].
My goal was to keep the Internet connection when one of the WAN links is down, and to provide external access to services like Web, SMTP (with MX balance) and Terminal Service connections (I have two "A" records pointed to my external IPs), so I configured the same "Distance" between networks to provide internal and external access.
Also, I unchecked the "Retrieve default gateway from server." checkbox to define "Interface Priority" in the CLI (as shown below).
Sometimes, when I lose connectivity on one of the WAN links, nobody can gain access from the LAN, but external traffic coming from the "Working WAN Link" is maintained and working fine. When the link is back, I need to reset the device to allow outgoing traffic again (I have two policies allowing traffic from lan to wan1 and wan2).
My question is: Does FG OS support my needs? Are my settings correct? Is it correct to receive the DHCP Default Gateway option on the DHCP-enabled WAN? If yes, how do I define WAN priority?
My relevant settings:
config router static
    edit 2
        set device "wan1"
        set gateway 24.232.43.1
        set priority 2
    next
    edit 3
        set device "wan2"
        set gateway 190.12.98.121
    next
end
config system interface
    edit "internal"
        set vdom "root"
        set ip x.x.x.233 255.255.255.0
        set allowaccess ping https ssh http
        set type physical
    next
    edit "dmz"
        set vdom "root"
        set ip x.x.x.1 255.255.255.0
        set allowaccess ping https
        set status down
        set type physical
    next
    edit "wan1"
        set vdom "root"
        set mode dhcp
        set distance 10
        set priority 2
        set allowaccess ping
        set gwdetect enable
        set detectserver "x.x.x.1"
        set log enable
        set type physical
    next
    edit "wan2"
        set vdom "root"
        set ip x.x.x.125 255.255.255.248
        set allowaccess ping https
        set gwdetect enable
        set detectserver "X.x.x.249"
        set log enable
        set type physical
        set description "Wan xxxxx"
    next
end
Thanks in Advance
Regards
Rodrigo