Hi,
I just want to get some advice, I currently have a FortiWifi 50E firewall in place with a fiber connection going into WAN1, however I will be installing a fail over fiber connection into WAN2, now what I want to find out is, I would like to use WAN 2 Exclusively as a fail over and not a load balance with fail over, would this be possible?
I had the idea of if I enable the SD-WAN feature, add my 2 WAN interfaces, but specify WAN1 with 100% traffic, and then if I setup link monitoring via the "Performance SLA" and setup SD-WAN Rules to fail over to WAN 2 based on the Performace SLA?
Am I incorrect in assuming that that will work?
Thanks in advance.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
If you just want to set up a failover, we just had another discussion at below using "link-monitor":
https://forum.fortinet.com/tm.aspx?tree=true&m=179124&mpage=1
But I understand you want to set up SD-WAN. I'm actually relatively new to this feature mainly because it was quite painful to remove all direct references to those two individual circuits, which kept me away from it for more than a year.... So just take my comment as one of examples. Hopefully other experts would give you better suggestions.
Anyway, how I'm using it for a failover is to set load balancing algorithm to "Volume". Then set the weight of the main circuit to 10 and backup to 0. Then set performance SLA on both sides. Probably only the main side needs it though.
I've configured the SD-WAN with the exact way you've said Nark0t and it works perfectly. Set the SLA as 100% packet loss only, and have WAN1 as the primary link and WAN2 as the secondary.
neonbit wrote:Okay awesome, at least Im on the right track :), now my next dilemma is, once the fail over to WAN2 has taken place due to WAN1 doing down, the based on the Link Monitor SLA being set to 100% for WAN1 that in theory should switch the link from WAN2 fail over back to WAN1 as soon as the WAN1 link becomes available again?I've configured the SD-WAN with the exact way you've said Nark0t and it works perfectly. Set the SLA as 100% packet loss only, and have WAN1 as the primary link and WAN2 as the secondary.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1662 | |
1077 | |
752 | |
443 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.