We are talking here about BOTH fallback AND policy routes. I reinitiated a relevent thread here: [link]http://support.fortinet.com/forum/m.asp?m=5477[/link] Thank you for pointing to the Tech Note about assymetric routing. VA

I must be reading this wrong, to me, enabling this willl break it, not fix it. With the description in the CLI Guide; Enable or disable support for asymmetric routing. (default is disabled) Using asymmetric routing, packets that are part of the same session travel different routes and pass through different gateways. Therefore, having the session traffic pass back to the wrong source interface will effectively break it, not fix it. To have two internet connections, you would need to have a primary & secondary gateways (or two with the same metric in v2.8). This will allow the unit to return the session packets back through the interface it originated. Or am i just getting confused here.

Hi UkWizard, I started a new thread related to the issue here: [link]http://support.fortinet.com/forum/m.asp?m=5477[/link] VA

Hi there Well... ...there is no workaround or fix yet, and the case is still opened at fortigate support, thell ask a question and then does nothing for some weeks then ask another question, and so one.. Still, i have learned to live with this problem. Mostly since a ISP failover is not an repeating task (hopfully). The last 2 month i have had 4 live failovers/fallbacks - and every time all my " current sessions" hang for a couple of minutes at the same time all " new sessions" works on the fly. I also have 2 IPSec VPN tunnels, and have managed to make these working during a failover. One with " dual endpoints" towards a Clavister firewall, and one using " LocalID/PEER ID" towards a NetScreen firewall. I also have incoming mail during failover, so now when my ISP fails to deliver internet and failover occurs, i have most of my production up and running in a a few minutes le´ automatic´ quite nice! ..and give my best regards to Mats Sundin in Toronto :)