Hi guys.
I have a pair of VM-based Fortigates (VM00) configured to work in a topology described here: https://cookbook.fortinet.com/sd-wan-with-fgcp-ha-expert-60/
I'm a bit confused by one thing however. That's what the article says about testing failover scenarios:
To test failover of the redundant Internet configuration, you must simulate a failed Internet connection to one of the ports. You can do so by disconnecting power from the wan1 switch or otherwise disconnecting the wan1 interfaces of both FortiGates from ISP 1.
Specifically I'm confused by "disconnecting the wan1 interfaces of both FortiGates from ISP 1.". This scenario works fine, but what if, for instance, WAN1 of only the first Fortigate fails?
As I understand, the "monitor interfaces" feature will save me in a scenario like this. I'm not, however, able to test this because I'm doing all of this inside a virtualized environment (EVE-NG), so I can't emulate physical interface failure. Can someone confirm this feature is acceptable in such a scenario?
Also, "monitor interfaces" is only for physical link failures. Is there any way to prevent traffic blackholing in case my link's up, but the GW is not reachable? I was thinking of Remote Link Failover: https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-high-availability-52/HA_failoverRemo... but I encountered some problems during the configuration so I'm not really sure this feature is acceptable for my scenario.
OK, so to answer my question: you just need to configure two SD-WAN Performance SLA rules, one for the first ISP, one for the second, and it will work like a charm. Ping checks are only performed from the current active HA member. So no matter what kind of failure you'll have - ISP's WAN failure link or only your HA active member WAN1 port failure - with Performance SLA rule your active HA member will switch to WAN2 in such scenario.
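
A sketch of the two Performance SLA (health-check) rules described in the answer above, in FortiOS 6.0 CLI syntax. This is an added example, not configuration from the original post: the rule names and probe server addresses are constructed placeholders, and wan1/wan2 are assumed to be SD-WAN members 1 and 2.

```fortios
# Added example. Rule names and server IPs are constructed placeholders;
# replace them with a reachable probe target behind each ISP.
config system virtual-wan-link
    set status enable
    config members
        edit 1
            set interface "wan1"
        next
        edit 2
            set interface "wan2"
        next
    end
    config health-check
        # One rule per ISP, each bound to a single SD-WAN member
        edit "ISP1-check"
            set server "192.0.2.1"
            set protocol ping
            set members 1
        next
        edit "ISP2-check"
            set server "198.51.100.1"
            set protocol ping
            set members 2
        next
    end
end
```

Probing a target beyond the ISP gateway, rather than the gateway itself, lets the rule also catch the "link up but upstream unreachable" case raised in the question.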