Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor II

Failover ISP



I have a task to double check a Fortigate's  configuration, the device is a 60F. This device has 2 WAN/ISP and obviously for failover in case the primary fails.


Recently, the primary did went down and all the users in the office didn't have internet connection, so was told by the onsite folks that the failover didn't kick in.


So I login to their Fortigate and the first thing I've check are the Network interfaces.


these are just sample IP's

WAN1: /30 Static 

WAN2: 192.168.100.x /24 DHCP

Internal: /24


The first thing I noticed is WAN2 which has a class C IP and instead of Static, it's set to DHCP/Dynamic. Not sure if this was set by their previous IT before we took them.


Below the 2 WAN/Outside interfaces is an SD-WAN Zone link which links both WAN1 and WAN2


The next thing I check are the Static Routes both WAN1 and WAN2 have a default routes




             Administrative Distance 10

             Priority 1


              Dynamic Gateway (

              Administrative Distance 20

              Priority 1


I don't know if the reason WAN2 is on class C ip is possibly it's connected to like a Cradlepoint/hotpspot from Verizon or AT&T or etc. 


I do see Admin Distance one is lower and one is higher but I might be missing something to check

I also see a policy from internal to SD-WAN link for Outbound


I did ping from source WAN1 and WAN2 and only WAN1 is working so not sure if this is enough to answer my question but kind of paranoid and maybe I still missed something to check






AN SD-WAN interface is step one. You also need to define health checks and rules.


What version of FortiOS are you running? Here are docs for 7.0. You would do well to review them:

Answer back here if you have any further specific questions.