Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rfs3pa
New Contributor II

Created on ‎12-03-2024 08:24 AM Edited on ‎12-03-2024 08:25 AM

Failover WAN Not Switching Back to Primary

Hello,

I am trying to set up automatic failover wan using link-monitor and not SDWAN.  Before I even get as far setting up the link-monitor I am running into an issue.  My primary is wan2 and backup is wan1.  I have tried setting the static route for the backup to a higher priority and/or distance value.  When they are both connected it uses wan2 (what I want) then if I unplug wan2 it switches to wan1 (also good), but when plug wan2 back in it still uses wan1.  Shouldn't it switch right back to wan2?  I think I must be using the distance and or priority incorrectly.

wan1 and wan2 are in a zone and my internet access policy uses the zone.

 

 

fd0584b5-7657-4a7a-a4b8-25b9ed72bc57.jpg

Labels:
387
0 Kudos
1 Solution
Toshi_Esumi
SuperUser
SuperUser
In response to Toshi_Esumi

Created on ‎12-03-2024 12:30 PM Edited on ‎12-03-2024 12:31 PM

Hold on. Distance 5 is when DHCP or PPPoE injects the default route/gateway. Are they happen to be DHCP or PPPoE circuits? If that's the case, you have to disable the injection so that your static default routes would show up in the routing table.

config sys int

  edit wan1 or wan2
    set defaultgw disable
  next
end

 

Toshi

View solution in original post

198
0 Kudos
15 REPLIES 15
sjoshi
Staff
Staff
In response to rfs3pa

Created on ‎12-03-2024 11:33 AM

please make the priority of wan1 higher than wan2 and make the AD value same

Let us know if this helps.
Salon Raj Joshi
103
0 Kudos
rfs3pa
New Contributor II
In response to sjoshi

Created on ‎12-03-2024 11:43 AM Edited on ‎12-03-2024 11:49 AM

No change.  No matter which one has the higher priority, it goes through wan1 whenever it is connected.

It shows wan2 with a * but I get public IP from wan1

 

Routing table for VRF=0
S*      0.0.0.0/0 [5/0] via 192.168.10.1, wan2, [1/0]
                  [5/0] via 192.168.21.1, wan1, [1/0]

132
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to rfs3pa

Created on ‎12-03-2024 12:23 PM

Well, the priorities are still 1 on both side, while distance is 5 for both. So must be load balancing.
S* 0.0.0.0/0 [5/0] via 192.168.10.1, wan2, [1/0]
                    [5/0] via 192.168.21.1, wan1, [1/0]

Try via CLI.
config router static

  edit [n]    <-- wan1's static default route
    set priority 10
  next
end

Toshi

118
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to Toshi_Esumi

Created on ‎12-03-2024 12:30 PM Edited on ‎12-03-2024 12:31 PM

Hold on. Distance 5 is when DHCP or PPPoE injects the default route/gateway. Are they happen to be DHCP or PPPoE circuits? If that's the case, you have to disable the injection so that your static default routes would show up in the routing table.

config sys int

  edit wan1 or wan2
    set defaultgw disable
  next
end

 

Toshi

199
0 Kudos
rfs3pa
New Contributor II
In response to Toshi_Esumi

Created on ‎12-03-2024 12:52 PM

Toshi,

Thank you!  That was it.  I disabled default gw and it now works as expected.  I also tried leaving it enabled and entering a higher distance on the retrieve gw for the backup wan and that worked as well.

 

Thanks again for all of your help.  Really appreciate it!

95
0 Kudos
sjoshi
Staff
Staff
In response to rfs3pa

Created on ‎12-03-2024 12:31 PM

can you try by making the priority of wan1 as 2 so in that case wan1 will be the backup

Since both AD and priority is same so it works as ECMP.

Further you should do below changes:-

1) Snat route change enable

2) Set priority of wan1 higher than wan2

 

Please do the needful and check once

Let us know if this helps.
Salon Raj Joshi
111
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.