Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Fortigate HA Cluster + BGP Dual WAN scenario to same ISP and AS



I have been trying to implement an HA Cluster with dual WAN load balancing. Local Fortigates have the same AS, and the ISP neighbors too.


I am not adding any metrics since I was told by the ISP that the CORE would do load balancing.


The problem is, it is only possible to have 1 established BGP session at the same time. The other one always stays in Active mode unless the previous session disconnects. Is there any command to issue on the cluster to have 2 sessions at the same time? Or maybe the problem is with the Core peers (loop prevention?)


What happens:

FW_GOPACA_185257_SEC # get router info bgp summary 
BGP router identifier X1, local AS number 65081
BGP table version is 2
2 BGP AS-PATH entries
0 BGP community entries
Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
X1    4       2860   11646   13308        1    0    0 2d00h30m        1
X2  4       2860       0       0        0    0    0    never Active     
Total number of neighbors 2
FW_GOPACA_185257_SEC #  


Note: Both Fortigates connect via WAN 1 and WAN 2 to ISP primary and secondary given address. VLANs were checked and tested on local switches. HA mode is OK and in mode Active-Passive. Route-map is only used to announce a prefix-list to core.


Configs below:


config router bgp
    set as 65081
    set router-id X1
    set ebgp-multipath enable
    config neighbor
        edit "X1"
            set remote-as 2860
            set route-map-out "ToNOS"
            set send-community6 disable
            set password ENC LCPzRWp+p/ceSAfwuI2vb+XhC/rzW1pNOUXI1kKhZM739msCdrHpko5QANMDC3l40zLyH1s+MJr9my/gbh0Dto3e3iK9ixfwvnb4cnGKQPbz5qLa8DCgt0XUMO5FPKpZUqJXz2LgrjERXLmk+VDkAgiBFz7lrDnb3kUG/a/6JGHP1bz7C3jXh+WosWzxsdsUvK7eqg==
        next
        edit "X2"
            set remote-as 2860
            set route-map-out "ToNOS2"
            set send-community6 disable
            set password ENC FJvnjaxbejVQLUhx05KNfkJcSK7IpjP/nvIX/L0xGaszNlfMCSv5nv1LZgVO3ZERSFEDXkzIusjnikkyt/f+Oc+ccP7Blt+Y78DH64ImuAioVXYVtAgddmakXhh562WrnNwW9FpDEodqF2x7kn3OHhxrkAwj5Sh86veT4AnTwH70cJWtj7GQSS6C0/Nw31HjImFwSQ==
        next
    end


Thank you.
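Added example (not part of the original posts, and not Fortinet code): a small parser for `get router info bgp summary` output in the layout shown above, which flags neighbors that are not Established, as a check for a dual-WAN pair running on a single session. The sample text is constructed, the addresses are documentation-range placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample in the column layout of the `get router info bgp summary`
# output in the post. Neighbor addresses and router ID are documentation-range
# placeholders, since the post redacts the real ones as X1/X2.
SAMPLE = """\
BGP router identifier 192.0.2.10, local AS number 65081
BGP table version is 2
Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.0.2.1       4       2860   11646   13308        1    0    0 2d00h30m        1
198.51.100.1    4       2860       0       0        0    0    0    never Active
Total number of neighbors 2
"""

# Neighbor, V, AS, five counters (MsgRcvd..OutQ), Up/Down, State/PfxRcd.
ROW = re.compile(
    r"^(?P<peer>\S+)\s+(?P<ver>\d+)\s+(?P<asn>\d+)\s+(?:\d+\s+){5}"
    r"(?P<updown>\S+)\s*(?P<state>.*)$"
)


def parse_bgp_summary(text):
    """Return one dict per neighbor row (hypothetical helper name)."""
    peers = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # banner, header and total lines
        state = m["state"].strip()
        # A number in State/PfxRcd means Established with that many prefixes;
        # a word (Idle, Connect, Active, ...) is the FSM state of a down session.
        up = state.isdigit()
        peers.append({
            "peer": m["peer"],
            "remote_as": int(m["asn"]),
            "up_down": m["updown"],
            "state": "Established" if up else state,
            "prefixes": int(state) if up else None,
        })
    return peers


def down_neighbors(peers):
    """Neighbors without an Established session, i.e. lost path redundancy."""
    return [p for p in peers if p["state"] != "Established"]


if __name__ == "__main__":
    for p in down_neighbors(parse_bgp_summary(SAMPLE)):
        print(f"{p['peer']} AS{p['remote_as']} {p['state']} (up/down: {p['up_down']})")
```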

New Contributor



It turned out that I found a way to fix it. There were misconfigured switches on the local network.


Now I get the following routing table:


FW_GOPACA_185257_SEC # get router info bgp network
BGP table version is 4, local router ID is
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*>             0             0 2860 174 i
*                    0             0 2860 174 i
*>                       100  32768 i
Total number of prefixes 2


It turns out that the first hop is being preferred over the second one. How can I fix it so that both hops become preferred?


Thank you

