Hello,
I am trying to set up automatic failover WAN using link-monitor and not SDWAN. Before I even get as far as setting up the link-monitor I am running into an issue. My primary is wan2 and backup is wan1. I have tried setting the static route for the backup to a higher priority and/or distance value. When they are both connected it uses wan2 (what I want), then if I unplug wan2 it switches to wan1 (also good), but when I plug wan2 back in it still uses wan1. Shouldn't it switch right back to wan2? I think I must be using the distance and/or priority incorrectly.
wan1 and wan2 are in a zone and my internet access policy uses the zone.
Created on 12-03-2024 12:30 PM Edited on 12-03-2024 12:31 PM
Hold on. Distance 5 is when DHCP or PPPoE injects the default route/gateway. Do they happen to be DHCP or PPPoE circuits? If that's the case, you have to disable the injection so that your static default routes would show up in the routing table.
config sys int
edit wan1 or wan2
set defaultgw disable
next
end
Toshi
Please refer to the article below and enable snat route change.
Hi RFS
Do you mean that the opened sessions still use WAN1 even if WAN2 is up again, and only new sessions use WAN2?
Yes, I have a browser open to whatismyipaddress.com showing me the WAN IP of wan2. If I disconnect wan2 and refresh I get the IP of wan1. When I reconnect wan2 and refresh again I am still seeing the wan1 IP.
I am trying to get to where once wan2 is reconnected I see the wan2 IP.
As in the KB @sjoshi shared, check the config:
config system global
set snat-route-change enable
end
Toshi
I set snat-route-change to enable, it was set to disable. I am still having the problem. Should I be using priority or distance to weight the routes?
Share the below output:
get router info routing-table all
get router info kernel
Run this output before and after removing the cable.
Either way should work. Share with us the first part of "get router info routing-table all" that includes the default routes, when 1) both are up and working on wan2, and 2) wan2 was removed, then 3) after wan2 is restored.
Toshi
Here it is. Weird thing is [both up, working on wan2] and [wan2 restored] look the same, but when [wan2 restored] and I go to whatismyipaddress.com I still see the wan1 IP.
both up, working on wan2
Routing table for VRF=0
S* 0.0.0.0/0 [5/0] via 192.168.10.1, wan2, [1/0]
[5/0] via 192.168.21.1, wan1, [1/0]
S 10.0.0.0/8 [10/0] is a summary, Null, [1/0]
S 10.212.134.0/24 [10/0] is directly connected, ssl.root, [1/0]
S 172.16.0.0/12 [10/0] is a summary, Null, [1/0]
S 192.168.0.0/16 [10/0] is a summary, Null, [1/0]
C 192.168.1.0/24 is directly connected, internal1
S 192.168.3.0/24 [10/0] is directly connected, Steve, [1/0]
C 192.168.10.0/24 is directly connected, wan2
C 192.168.21.0/24 is directly connected, wan1
wan2 removed
Routing table for VRF=0
S* 0.0.0.0/0 [5/0] via 192.168.21.1, wan1, [1/0]
S 10.0.0.0/8 [10/0] is a summary, Null, [1/0]
S 10.212.134.0/24 [10/0] is directly connected, ssl.root, [1/0]
S 172.16.0.0/12 [10/0] is a summary, Null, [1/0]
S 192.168.0.0/16 [10/0] is a summary, Null, [1/0]
C 192.168.1.0/24 is directly connected, internal1
S 192.168.3.0/24 [10/0] is directly connected, Steve, [1/0]
C 192.168.21.0/24 is directly connected, wan1
wan2 restored
Routing table for VRF=0
S* 0.0.0.0/0 [5/0] via 192.168.10.1, wan2, [1/0]
[5/0] via 192.168.21.1, wan1, [1/0]
S 10.0.0.0/8 [10/0] is a summary, Null, [1/0]
S 10.212.134.0/24 [10/0] is directly connected, ssl.root, [1/0]
S 172.16.0.0/12 [10/0] is a summary, Null, [1/0]
S 192.168.0.0/16 [10/0] is a summary, Null, [1/0]
C 192.168.1.0/24 is directly connected, internal1
S 192.168.3.0/24 [10/0] is directly connected, Steve, [1/0]
C 192.168.10.0/24 is directly connected, wan2
C 192.168.21.0/24 is directly connected, wan1
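An added example, not part of any post in this thread: a small Python check over "get router info routing-table all" output that pulls out the default-route next hops and flags the two things visible in the tables above, namely routes installed at distance 5 and two default routes with identical distance and priority. It assumes the first bracket is [distance/metric] and the trailing bracket is [priority/weight]; the sample text, function names and finding labels are constructed for illustration.

```python
import re

# Constructed sample: default-route lines as posted in the thread ("wan2 restored").
SAMPLE = """\
Routing table for VRF=0
S* 0.0.0.0/0 [5/0] via 192.168.10.1, wan2, [1/0]
[5/0] via 192.168.21.1, wan1, [1/0]
S 10.0.0.0/8 [10/0] is a summary, Null, [1/0]
C 192.168.10.0/24 is directly connected, wan2
"""

INJECTED_DISTANCE = 5  # per the thread: distance of DHCP/PPPoE-injected default routes
PREFIX = re.compile(r"^\S+\s+(\d+\.\d+\.\d+\.\d+/\d+)\s")
# Assumption: first bracket is [distance/metric], trailing bracket is [priority/weight].
HOP = re.compile(r"\[(\d+)/\d+\] via ([\d.]+), ([^,\s]+), \[(\d+)/\d+\]")

def default_routes(text):
    """Return the next hops of 0.0.0.0/0, including continuation lines."""
    hops, current = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = PREFIX.match(line)
        if m:
            current = m.group(1)          # a new prefix starts on this line
        elif not line.startswith("["):
            current = None                # header or unrelated line
        h = HOP.search(line)
        if h and current == "0.0.0.0/0":
            hops.append({"distance": int(h.group(1)), "gw": h.group(2),
                         "intf": h.group(3), "priority": int(h.group(4))})
    return hops

def diagnose(hops):
    """Flag the conditions seen in the thread's routing-table output."""
    findings = set()
    if any(h["distance"] == INJECTED_DISTANCE for h in hops):
        findings.add("injected-default-route")   # check 'set defaultgw' on that interface
    if len(hops) > 1 and len({(h["distance"], h["priority"]) for h in hops}) == 1:
        findings.add("no-preferred-wan")         # identical distance and priority
    return findings

if __name__ == "__main__":
    for hop in default_routes(SAMPLE):
        print(hop)
    print(sorted(diagnose(default_routes(SAMPLE))))
```

Run against the "both up" and "wan2 restored" tables, both findings are reported, which matches the poster's observation that the two tables look the same.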