I thought I would configure failover - LTE at home.
I made a sdan, configured the gateways, static routings, politics, etc. The internet is working, but I am not happy with Failover. Why?
E.g. During working on a company laptop (company VPN)
I want to do a test. On FGT, I'm turnning off the WAN1(primary) interface and then Forti is switching to WAN2(backup). After about 30 seconds, I revert to WAN1 (so that the FGT will come back to the main ISP) and im seeing in Dashboard and logs that the part of the sessions continues to fly around Wan2 (LTE).
To completely cut those sessions, I have to turn off the WAN2 interface, then business laptop breaks the connection and after 3 seconds its reconnection again, but already with WAN1 - and that's what it should be, but why does it not work automaticly?
I don't know why Forti continues to maintain the sessions of the company laptop on a spare WAN2 - can it be because its VPN traffic?
Solved! Go to Solution.
Hi @romank,
Do wan1 and wan2 have the same priority? For session failover, please refer to https://community.fortinet.com/t5/FortiGate/Technical-Note-Routing-Change-and-Session-Fail-over-with...
Regards,
Hi @romank,
Do wan1 and wan2 have the same priority? For session failover, please refer to https://community.fortinet.com/t5/FortiGate/Technical-Note-Routing-Change-and-Session-Fail-over-with...
Regards,
Created on 12-21-2023 09:57 AM Edited on 12-21-2023 09:59 AM
No, Wan1 has 1, Wan2 has 2. Cost and Priority are different :)
Created on 12-22-2023 10:37 AM Edited on 12-22-2023 10:38 AM
Thx mate. It works!.
That did the trick.
config system global
set snat-route-change enable
end
User | Count |
---|---|
1921 | |
1144 | |
769 | |
447 | |
277 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.