I have an architecture where ISP is directly connected ISP-sw1 & then from there one cable goes to Primary firewall & second cable goes to secondary firewall.
Same I have secondary ISP link and is connected to ISP-sw2 & then from there one cable goes to primary and second cable goes to secondary.
I want to configure link monitor on WAN interface (2 and 6) of firewalls for HA failover as the current FortiOS has a bug, Bug is the port will always up even we remove the cable.
I want to make the firewall failover in case firewall does not receive 10 ICMP reply on wan links (2 and 6) .
So, My question is, If the ISP link goes down from ISP side then the primary firewall will do the failover but on the secondary firewall (which will be primary after the failover) will also check that the link is down & it will do the failover.
Am i correct on the above statement. If it is true then the firewall will do the failover every time. after 10 RTO.
Kindly correct me on my statement. Thanks, Attached is the snapshot.