I have a 400F device, and on this device we have configured around 1000 site-to-site VPN tunnels in active-passive mode. We need to configure 330 link monitoring entries. I am able to configure 256 entries; after that I get an error: reached maximum entries. How can we increase the limit of link monitoring entries?
Hi Dattatray,
Thank you for your inquiry. There are no options to increase beyond the maximum value, as this is a design limit. I would alternatively recommend considering an SD-WAN configuration instead of link monitor, which would be a migration project, as the tunnel interfaces must not be referenced in other config, especially firewall policies, before they can become SD-WAN members. On the plus side, though, SD-WAN offers the number of health-check entries you need according to the max value table for 400F models, and SD-WAN offers more granular control and management of routing.
sdwan reference: https://docs.fortinet.com/document/fortigate/7.4.5/administration-guide/431448/sd-wan-overview
max value table: https://docs.fortinet.com/max-value-table
Thank you,
saleha
Hi Saleha,
Thanks for your suggestion. We have done the SD-WAN configuration and it's working fine without any issues.
Thanks,
Dattatray
Another option is a routing protocol, if the other end supports any. We use BGP (eBGP) for about 1000 locations. Otherwise, it's time to add another FGT.
Toshi
Copyright 2024 Fortinet, Inc. All Rights Reserved.