rfs3pa
New Contributor II

Failover WAN Not Switching Back to Primary

Hello,

I am trying to set up automatic WAN failover using link-monitor and not SD-WAN. Before I even get as far as setting up the link-monitor I am running into an issue. My primary is wan2 and backup is wan1. I have tried setting the static route for the backup to a higher priority and/or distance value. When they are both connected it uses wan2 (what I want), then if I unplug wan2 it switches to wan1 (also good), but when I plug wan2 back in it still uses wan1. Shouldn't it switch right back to wan2? I think I must be using the distance and/or priority incorrectly.

wan1 and wan2 are in a zone and my internet access policy uses the zone.


rfs3pa
New Contributor II

Here it is. Weird thing is [both up, working on wan2] and [wan2 restored] look the same, but when [wan2 restored] and I go to whatismyipaddress.com I still see the wan1 IP.


sjoshi

Please make the priority of wan1 higher than wan2 and make the AD value the same.

Let us know if this helps.
Salon Raj Joshi
rfs3pa
New Contributor II

No change.  No matter which one has the higher priority, it goes through wan1 whenever it is connected.

It shows wan2 with a * but I get public IP from wan1


Routing table for VRF=0
S*      0.0.0.0/0 [5/0] via 192.168.10.1, wan2, [1/0]
                  [5/0] via 192.168.21.1, wan1, [1/0]

Toshi_Esumi

Well, the priorities are still 1 on both sides, while distance is 5 for both. So it must be load balancing.
S* 0.0.0.0/0 [5/0] via 192.168.10.1, wan2, [1/0]
                    [5/0] via 192.168.21.1, wan1, [1/0]

Try via CLI.
config router static

  edit [n]    <-- wan1's static default route
    set priority 10
  next
end

Toshi

Toshi_Esumi

Hold on. Distance 5 is when DHCP or PPPoE injects the default route/gateway. Do they happen to be DHCP or PPPoE circuits? If that's the case, you have to disable the injection so that your static default routes would show up in the routing table.

config sys int

  edit wan1 or wan2
    set defaultgw disable
  next
end


Toshi
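
An added example, not part of the original thread and not Fortinet's own tooling: a small Python check that reads routing-table output like the one quoted above and flags the two conditions the replies identify, several default-route next hops with equal distance and priority (ECMP) and a distance of 5 (a DHCP/PPPoE-injected gateway, per Toshi's reply). The function names and the reading of the trailing bracket as [priority/weight] are assumptions taken from how the thread interprets the output.

```python
import re

# Constructed sample: the routing-table output quoted in the thread.
SAMPLE = """\
Routing table for VRF=0
S*      0.0.0.0/0 [5/0] via 192.168.10.1, wan2, [1/0]
                  [5/0] via 192.168.21.1, wan1, [1/0]
"""

# Optional "CODE PREFIX", then [distance/metric] via GW, DEV, [priority/weight]
LINE = re.compile(
    r"^(?:(?P<code>\S+)\s+(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+)?\s*"
    r"\[(?P<dist>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<gw>[\d.]+),\s*(?P<dev>[^,\s]+)"
    r"(?:,\s*\[(?P<prio>\d+)/(?P<weight>\d+)\])?"
)

def parse_routes(text):
    """Return {prefix: [next-hop dict, ...]}, attaching continuation lines."""
    routes, current = {}, None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            current = None  # unknown line: do not attach later hops to a stale prefix
            continue
        if m["prefix"]:
            current = m["prefix"]
        if current is None:
            continue
        routes.setdefault(current, []).append({
            "dev": m["dev"], "gw": m["gw"], "distance": int(m["dist"]),
            "priority": int(m["prio"]) if m["prio"] else None,
        })
    return routes

def audit_default_route(text, injected_distance=5):
    """Flag the two conditions discussed in the thread for 0.0.0.0/0."""
    hops = parse_routes(text).get("0.0.0.0/0", [])
    findings = []
    # Same distance AND same priority on every next hop means traffic is shared.
    if len(hops) > 1 and len({(h["distance"], h["priority"]) for h in hops}) == 1:
        findings.append("ecmp: " + ",".join(h["dev"] for h in hops))
    # Distance 5 is only a hint that the gateway came from DHCP/PPPoE.
    for h in hops:
        if h["distance"] == injected_distance:
            findings.append(f"injected-default? {h['dev']}")
    return findings
```
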

rfs3pa
New Contributor II

Toshi,

Thank you!  That was it.  I disabled default gw and it now works as expected.  I also tried leaving it enabled and entering a higher distance on the retrieve gw for the backup wan and that worked as well.


Thanks again for all of your help.  Really appreciate it!

sjoshi

Can you try setting the priority of wan1 to 2, so that in that case wan1 will be the backup?

Since both AD and priority are the same, it works as ECMP.

Further, you should make the changes below:

1) Snat route change enable

2) Set priority of wan1 higher than wan2


Please do the needful and check once

Let us know if this helps.
Salon Raj Joshi