Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
moelharrak
New Contributor

Monitor Links Without SD WAN

Hello everybody,

I have a Firewall connected to Dual ISP , WAN1 and WAN2:

WAN1 is used by the Staff_NET to go to the Internet.

WAN2 is used by WIFI Client to surf the Internet.

My goals is to :

- Configure the Failover (means Staff-NET VLAN can use WAN2 if WAN1 goes Down and also WIFI client can use  WAN1 if their primary link (WAN2) goes Down. --> For that I used "Policy Routes" as follow:

Staff_NET --> WAN1

WIFI_Client --> WAN2

Staff_NET --> WAN2

WIFI_Client --> WAN1

I'm Assuming that rules are read by sequence number. Is this config is correct or there is a better way?

- My second concern is to know how to configure Link Monitor for example ping 8.8.8.8 from WAN1 is there is no response the route will be disabled ?

Any idea ?

Thank you

6 REPLIES 6
boneyard
Valued Contributor

any reason you dont want to use SD-WAN?

 

policy routes are read in order indeed

 

for the monitoring you will have to go to the CLI only system link-monitor

https://kb.fortinet.com/k....do?externalID=FD44679

moelharrak

Thank for your answer ,

Well I don't want to use SD-WAN because I have two unequal Links(WAN1 and WAN2) and I have two LAN Networks , I want LAN1 to use the WAN1 and LAN2 to use the WAN2 this is the company policy for now, BUT we want traffic to use other link only if their Primary WAN that is dedicated for it is DOWN.

This why I see that using Policy routing and Link monitor is the best option.

boneyard
Valued Contributor

SD-WAN should be able to handle unequal links fine, it is quite broad in applications.

 

but it is your choice, policy routes and link monitor will do something similar. what im missing is the GUI part of it, SD-WAN makes it all a little easier to configure and monitor.

moelharrak

I have just done a test using  SD-WAN and I think it's working fine , I was thinking that with SD-WAN I can't force LAN1 to use the WAN1 and LAN2 to use the WAN2 and do the failover if any WAN link goes DOWN , but apparently it works using "SD-WAN Rules" and "Performance SLA".

Is that correct what I did or there is a better approach?

ede_pfau

SD-WAN rules are policy routes. No wonder it works this way now.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
moelharrak
New Contributor

Thank all of you for your answers :)

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors