FortiGate 60D with FortiOS 5.0.7
I have setup Dual WAN connection per this article: http://docs-legacy.fortinet.com/cb/html/index.html#page/FOS_Cookbook/Install_advanced/cb_install-dual-internet.html
wan1 / primary connection is Cable Modem w/Static IP
wan2 / backup connection is DSL with Dynamic IP
I' ve followed the article exactly except under Router / Static / Settings / Dead Gateway Detection, I am using pingserver.fortinet.com for both wan1/wan2 and I' ve changed internal and failover to 2 for both connections as well.
Note that I did NOT setup the redundant configuration to use ECMP.
wan1 route is statically defined with distance of 10 and priority 0
wan2 being DHCP with route being pulled from gateway, the distance on wan2 interface is set to 20. I did not specify a priority for wan2 in CLI
Failover from wan1 to wan2 works without an issue, but sometimes fallback to wan1 never occurs, or it takes a really long time to occur after wan1 comes back online. When the fallback never occurs, rebooting the device does the trick and it comes back up using wan1 again for outbound connections. I can' t find anything useful in logs so I' m a bit stumped on why the fallback never occurs or takes extended periods of time.
We have configured the same setup and working fine...
Did you enabled icmp ping under router setting and the ping to gateways or any other ip...
Common ip will ping if the wan1 went down with the help of wan2...
Under Router / Static / Settings I have ECMP Load Balancing Method set to Source IP Based.
Under Router / Static / Settings / Dead Gateway Detection I have two entries, one each for wan1 and wan2. They are both dentical:
Gateway IP - 0.0.0.0
Ping Server - pingserver.fortinet.net
Default Protocol - ICMP Ping
Ping Interval (seconds) - 2
Failover Threshold (Pings lost consecutively - 2
HA Priority - 1
For Dead Gateway Detection on wan1, which is static, should I change " Gateway IP" to the actual Gateway IP for the connection? For wan2, it' s DHCP, so I don' t know the gateway, what would I put here?
Should HA priority be adjusted? I want to treat wan1 as active/primary and wan2 as passive/backup
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.