I am unable to understand why we one ISP1 goes down then traffic is not being moved via secondary ISP2
1. We have two ISP - ISP1 & ISP2, when one of the ISP goes down traffic does not move automatically via another ISP. 2. Once we disable interface of down ISP (ISP1) then traffic move via another ISP (ISP2).
Let us know what can be issue.
What are the initial parameters to troubleshoot it.
1) Do you have static IP address or DHCP/PPPoE on your ISP interfaces?
2) When you say ISP1 is down, do you mean that ISP1 is not able to route traffic but physical connection is up, correct?
3) How is your routing? Only static routing with default routes?
4) Do you have health-checks with update-static-route enabled?
For these cases, it is always good to perform debug flow when the problem is reproduced to see if the session was re-evaluated. And also examine routing-table before failure and during the failure to see if the routing-table acknowledged that there is some problem with ISP.
Thank you for reaching the Fortinet Support forum portal,
Can you please answer below questions : -What is the current firmware version you are using on the FortiGate and Fortigate firewall model? -How did you configure the sd-wan rules manually, based on sla performance? -Do you have a static IP address or DHCP/PPPoE on your ISP interfaces? -When you say ISP1 is down, do you mean that ISP1 is not able to get route traffic but the physical connection is up, correct?
- How is your routing? Did you configure routing based on individual static routes or via sd-wan interface, Only static routing with default routes?
-Do you have health checks with update-static-route enabled?
If you have not configured based on SLA then check the rules parameters of which process you choose. If you want to configure an automatic process refer below articles and configure based on the SLA parameter best quality.
Please reply with the information requested earlier so that we can confirm if it is supposed to be switched or not. It depends on your configuration under sd-wan rules and sd-wan members. Any screenshots as a reference would much help.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.