Hi all,
I have 1 firewall on site but with 2 different internet connections to 2 different ISP's.
Basic configuration for static route having backup link with higher priority (5) and primary (1).
My question is that if the physical connection to the internet provider is up but their service is down (route-lost within ISP network), how can I configure the firewall to fail-over to the secondary? It seems the only work-around I can do is ask local support to physically remove the primary so that the secondary could fail-over.
Please let me know if you need further information.
Thanks,
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Use Dead Gateway Detection:
http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD30626
Can you further explain about the ping server? The firewall is accessible via internet and not on a WAN, do we ask the provider to provide an IP address that we can ping? Will 8.8.8.8 suffice?
I just looked at the firewall and the model is 100D, and the dead gateway feature is not present. Using 5.0 as firmware.
*** NEVERMIND, FOUND THE DEAD GATEWAY ECMP FEATURE UNDER System > Router > Static Route > Setting > Create New
ashukla wrote:Use Dead Gateway Detection:
http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD30626
If you already use v5.2.2 then create a Virtual WAN link with wan1, wan2. All Dead Gateway Detection settings in one place, targets can be pinged or HTTP-getted and more.
+
if you want the second link to only become active after failover then you would set the distance higher than on the primary link, not the priority. If you set the distances equal and equal priorities then you have load balancing over both links at the same time. If the prios differ, you've got a backup link.
It is configured that way
EXTERNAL = member port is wan1
EXTERNAL 2 = member port wan2
EXTERNAL Static route has priority 1
EXTERNAL 2 Static route has priority 5
I am asking if the provider link is not hard down, but their internet service is **** (re-route or next hop down within the provider). How can I configure the firewall to automatically failover?
I am using a Fortigate 100D and v5.0 and the Dead Gateway Detection is not present on System > Network Interfaces...
*** NEVERMIND, FOUND THE DEAD GATEWAY ECMP FEATURE UNDER System > Router > Static Route > Setting > Create New
ede_pfau wrote:If you already use v5.2.2 then create a Virtual WAN link with wan1, wan2. All Dead Gateway Detection settings in one place, targets can be pinged or HTTP-getted and more.
+
if you want the second link to only become active after failover then you would set the distance higher than on the primary link, not the priority. If you set the distances equal and equal priorities then you have load balancing over both links at the same time. If the prios differ, you've got a backup link.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1705 | |
1093 | |
752 | |
446 | |
230 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.