Hello, after reading this, and looking into the GUI, it seems that FortiGate only supports monitoring to a single IP. This is quite inconvenient because it can be affected by temporary provider issues, rate limiting, monitored IPs that change (i.e. a public DNS server that stops accepting pings).
Are there any plans to change this? Or is there any workaround so I can have a more stable verification?
I would check the CLI reference guide to see if there are more options available; usually the GUI is limited in what options you can configure from it. Going on your posted link, it seems you are after ldb-monitor.
But from your description it sounds more like you are after Dead Gateway Detection.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Sorry I forgot to reply. In fact I am after DPD. Thanks to your pointers I checked a bit more, and it seems it's not possible to use more than one IP address in the checks; we end up using Fortinet public ping servers (or Google's 8.8.8.8).
In FortiOS v5.2 this has been moved to config system link-monitor
You can specify multiple server addresses to enhance reliability:

    config system link-monitor
        edit "one"
            set server "8.8.8.8" "8.8.4.4" "1.2.3.4" "5.6.7.8"
            set status disable
        next
    end

Same applies to FortiOS v5.0:

    config router gwdetect
        edit 1
            set server "8.8.8.8" "8.8.4.4" "1.2.3.4" "5.6.7.8"
        next
    end

Oh, you nailed it. It seems that the docs are not specific enough (extracted from here) and only mention 'addresses', but in the format it states that you should put server <ipv4_addr_str>:
server <ipv4_addr_str> Enter the IP addresses of the servers to be monitored. No default
Thank you so much!
I'm happy I could help. Good question.
When I once configured DGD with only one ping server it caused a WAN line failure just because they took the server down for maintenance...and I had no clue why the internet access was broken. Not nice.
Now, the only other trouble with DWD is that it tears down static routes, as it should, but not policy routes. That is, as far as I know and the docs tell me. Traffic would still be diverted to an interface which is proven without connectivity, and backup routes will not apply here.
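
Added example, not part of the thread and not FortiOS code: a small model of why a single ping server produces a false WAN failure when that server goes down for maintenance, while a monitor with several servers does not. It assumes the link is declared down only after `FAILTIME` consecutive rounds in which none of the configured servers answers; `FAILTIME`, the function names and the outage windows are constructed for illustration.

```python
# Added illustration; models the decision only (no probes are sent) and is not
# FortiOS code. Assumption: the link goes "down" after FAILTIME consecutive
# rounds in which no configured server answers, and recovers on the first reply.
FAILTIME = 5  # hypothetical threshold, in probe rounds


def unreachable(server, outages, rnd):
    """True if this server is inside its constructed outage window."""
    if server not in outages:
        return False
    first, last = outages[server]
    return first <= rnd <= last


def link_states(servers, outages, rounds, failtime=FAILTIME):
    """Per-round link state for one monitor.

    outages maps server -> (first_round, last_round) during which that server
    does not answer, e.g. maintenance on the ping target itself.
    """
    states, misses = [], 0
    for rnd in range(rounds):
        any_reply = any(not unreachable(s, outages, rnd) for s in servers)
        misses = 0 if any_reply else misses + 1
        states.append("down" if misses >= failtime else "up")
    return states


def failovers(states):
    """Number of up -> down transitions, i.e. route withdrawals."""
    return sum(1 for a, b in zip(states, states[1:]) if (a, b) == ("up", "down"))


# Constructed scenario: 8.8.8.8 stops answering for rounds 10..29 while the
# WAN link itself stays healthy.
MAINTENANCE = {"8.8.8.8": (10, 29)}
single = link_states(["8.8.8.8"], MAINTENANCE, 40)
multi = link_states(["8.8.8.8", "8.8.4.4"], MAINTENANCE, 40)
# Constructed real outage: every monitored server is unreachable.
real = link_states(["8.8.8.8", "8.8.4.4"],
                   {"8.8.8.8": (10, 29), "8.8.4.4": (10, 29)}, 40)

if __name__ == "__main__":
    for name, st in (("single", single), ("multi", multi), ("real", real)):
        print(f"{name:6} failovers={failovers(st)} rounds_down={st.count('down')}")
```

With one server the model withdraws the route for 16 rounds although the link is fine; with two servers it only goes down in the scenario where both are unreachable.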