FortiGate61 E or F needs to be rebooted to restore connection to WAN1
We are having to periodically reboot our FortiGates to restore their connection to WAN1 after they have failed over to WAN2. The service to the ISP modem that is connected to WAN1 appears to drop momentarily and restores on its own or restores after the ISP modem is rebooted, but the FortiGate will not reconnect to WAN1 unless the FortiGate is rebooted.
FortiOS Firmware v6.4.5
WAN1 and WAN2 are configured for DHCP
The following is the SLA and WAN-Failover we currently use in our configuration:
config health-check
    edit "Internet SLA"
        set server "126.96.36.199" "188.8.131.52"
        set interval 1000
        set failtime 60
        set recoverytime 180
        set members 0
        config sla
            edit 1
                set latency-threshold 500
                set jitter-threshold 500
                set packetloss-threshold 10
            next
        end
    next
end
config service
    edit 1
        set name "WAN-Failover"
        set mode sla
        set dst "all"
        set src "Local Store"
        config sla
            edit "Internet SLA"
                set id 1
            next
        end
        set priority-members 1 2
I have not determined where the issue lies, but on reviewing the system event logs on a FGT that experienced this issue yesterday, it shows the link-monitor for interface WAN1 and the primary VPN going down and the link-monitor for backup interface WAN2 coming up. However, once it is determined that the primary ISP modem is online and the FGT and ISP gateways can be pinged from WAN1, the only way to get it to fail back over to WAN1 is to reboot the FGT.
If your FortiGate 61E or 61F needs to be rebooted to restore connection to WAN1, it could be due to several reasons. Here are some steps you can take to troubleshoot the issue:
Check the physical connection: Ensure that the WAN1 interface is securely connected to the appropriate network device and that there are no physical issues with the cable.
Check the WAN1 configuration: Verify that the WAN1 interface is configured correctly. Check the IP address, subnet mask, default gateway, and DNS settings.
Check the DHCP lease time: If you are using DHCP to obtain an IP address for the WAN1 interface, check the DHCP lease time. If the lease time has expired, the FortiGate may lose the WAN1 IP address and need to be rebooted to restore the connection.
Check the WAN1 status: Check the status of the WAN1 interface. If the interface is down, try to bring it up manually by running the command "execute wan1" from the CLI.
Check the FortiGate logs: Check the logs for any error messages related to the WAN1 interface. The logs can be found in the FortiGate web interface under Log & Report > Log Access > Forward Traffic.
Update the firmware: If the issue persists, check for firmware updates for the FortiGate. Firmware updates may address known issues that can cause connectivity problems.
Contact Fortinet support: If you have tried all of the above steps and are still experiencing issues, contact Fortinet support for further assistance. They can help you diagnose the issue and provide guidance on resolving the problem.