Dear all,
this my first post! I appreciate your help :)
I never used a fortigate, this is my first experience.
I configured a Fortigate 60D (firmware 5.2.1) with two interface Wan and i created a WAN link load balancing set "Weighted Round Robin 50/50"
The problem is pretty simple: The Interface wan2 doesn't work in any way.
I disabled interface Wan1, and i'm able with interface WAN 2 to ping the Router via Cli but i'm not able to ping 8.8.8.8
Connected with my laptop directly to the router interface with the same Fortigate's IP address i'm able to surf in internet.
I am not authorized to access the router configuration because they are owned by our ISP.
So 'm not sure where the problem is.
Below some screenshots of my configuration:
anyone can help me?
Hello All,
I have done several tests and it seems that the problem is only with the WAN2. The same connection configured on WAN1 works, on WAN2 it doesn't.
It would appear that WAN2 is disabled in some way.
I have already made a hard reset of the device and it does not solve the problem.
Any idea?
Hey Jerax,
what does your routing look like?
Just because load-balancing is configured doesn't mean FGT will automatically use both links (equally or at all).
I would start with this:
#get router info routing-table all
-> that should provide some info as to what your routing looks like and the default route looks like
-> if you only see wan1, then FGT doesn't have a default route via wan2 and won't use it
Hi Team,
I will suggest you to take packet capture at next hop to isolate the issue.
If the request is reaching the router then it could be isp issue.
Also, share us the output of these commands:
diag hardware deviceinfo nic wan2
get sys performance status
Thanks everyone for the reply.
So I'm sure the problem is not ISP side because I tried to configure the WAN1 with the parameters of the WAN2 and it worked without problems and I also tried to configure the interface WAN2 with the parameters of the WAN1, and as I assumed the Wan2 doesn't work.
and before you ask me I removed the Load balance and tried to configure the interfaces individually, from the WAN2 I can not surf the Internet with any configuration. In wan1, same configuration everything works.
"Just because load balancing is configured doesn't mean FGT will automatically use both links (equally or at all)."
I understand this point, but if I put the WAN1 interface in "administrative sleep mode", the interface 2 has to start working, otherwise I think there is no point in doing a load balancing.
hm did you configure some health check for your loadbalancer? It needs that to detect a non functional internet connection and remove its route.
without the wan goes down but the route stays so 50% packets still go to it...
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Hello!
yes i did! Healt check configurated like this:
Probe type: Ping
Server: 8.8.8.8
Interval 5
Failure 5
recovery 5
did you enable the "Update static route" option in there?
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Hum...hum...i do not see this option!
where is it?
on a 100F with FortiOS 6.4.9 I see it in Network->Performance SLA
when I edit a healthcheck in there i see this option at the very bottom.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.