Konnan
New Contributor III

Understanding better set update-static-route enable/disable command for link-monitor

Hello everyone,

 

I'd like to better understand the "set update-static-route" command and the effects of "enable" and "disable" settings.

I read several articles, but I want to be sure of what I'm doing because I'm setting up a firewall remotely at a remote site where it's difficult to dispatch, so I'd like to avoid making stupid mistakes.

 

We have two WAN links, ext1 is fiber and ext2 is cellular, so ext1 needs to be primary and ext2 secondary. We are not looking at improving performance, we just want extra reliability so everything fails over automatically to ext2 if ext1 fails, and also it fails back automatically to ext1 when it comes back.

 

There's a passage in this article that annoys me: Link-Monitor Explained - Fortinet Community

 

**set update-static-route Enable/disable updating the static route, default: enable”
[** It is advised to keep disabled as it may cause the production environment down , Make sure it's working before enabling it]

 

I think I need to at least put "set update-static-route enable" in ext1 link-monitor configuration so it removes the route from the route table when ext1 fails so ext2 can take over. No need to put it in ext2 because ext1 is primary so it can stay in the route table even if failed. After reading that article, I'm not sure anymore, I do not want to bring the production environment down.

 

Also, the part where it removes the route when link-monitor fails, the failover part, is kind of explained. But when, let's say, ext1 comes back online, how does it work? That part, the fallback, is not explained much. I'd like to know technically how it works if possible.

 

I want to make sure it falls back automatically because ext2 is 16 Mbits and ext1 is 100 Mbits, so it's a significant performance drop to stay on ext2. Good for backup purposes, but we want to avoid it at all costs.

 

You can see my current configuration below:

 

FW-1 # show system link-monitor

 

config system link-monitor
    edit "1"
        set srcintf "ext1"
        set server "8.8.8.8" "8.8.4.4" "1.1.1.1" "1.0.0.1"
        set gateway-ip 000.111.222.333
        set update-cascade-interface disable
        set update-static-route disable
    next
    edit "2"
        set srcintf "ext2"
        set server "8.8.8.8" "8.8.4.4" "1.1.1.1" "1.0.0.1"
        set gateway-ip 444.555.666.777
        set update-cascade-interface disable
        set update-static-route disable
    next
end

 

FW-1 # get router info routing-table static

 

Routing table for VRF=0
S* 0.0.0.0/0 [10/0] via 000.111.222.333, ext1, [1/0]
             [10/0] via 444.555.666.777, ext2, [100/0]
*omitting the other static routes for a shorter post*

 

FW-1 # diagnose sys link-monitor status

 

Link Monitor: 1, Status: alive, Server num(4), cfg_version=0 HA state: local(alive), shared(alive)
Flags=0x1 init, Create time: Thu Jun 19 13:57:55 2025
Source interface: ext1 (5)
VRF: 0
Gateway: 000.111.222.333
Interval: 500 ms
Service-detect: disable
Diffservcode: 000000
Class-ID: 0
Transport-Group: 0
Class-ID: 0
Peer: 8.8.8.8(8.8.8.8)
Source IP(000.111.222.334)
Route: 000.111.222.334->8.8.8.8/32, gwy(000.111.222.333)
protocol: ping, state: alive
Latency(Min/Max/Avg): 23.491/23.795/23.626 ms
Jitter(Min/Max/Avg): 0.004/0.211/0.064 ms
Packet lost: 0.000%
MOS: 4.392
Number of out-of-sequence packets: 0
Fail Times(0/5)
Packet sent: 2012824, received: 2012288, Sequence(sent/rcvd/exp): 46745/46745/46746
Peer: 8.8.4.4(8.8.4.4)
Source IP(000.111.222.334)
Route: 000.111.222.334->8.8.4.4/32, gwy(000.111.222.333)
protocol: ping, state: alive
Latency(Min/Max/Avg): 20.367/20.781/20.476 ms
Jitter(Min/Max/Avg): 0.009/0.275/0.064 ms
Packet lost: 0.000%
MOS: 4.394
Number of out-of-sequence packets: 0
Fail Times(0/5)
Packet sent: 2012824, received: 2012347, Sequence(sent/rcvd/exp): 46745/46745/46746
Peer: 1.1.1.1(1.1.1.1)
Source IP(000.111.222.334)
Route: 000.111.222.334->1.1.1.1/32, gwy(000.111.222.333)
protocol: ping, state: alive
Latency(Min/Max/Avg): 17.089/17.385/17.236 ms
Jitter(Min/Max/Avg): 0.007/0.201/0.083 ms
Packet lost: 0.000%
MOS: 4.396
Number of out-of-sequence packets: 0
Fail Times(0/5)
Packet sent: 2012824, received: 2012792, Sequence(sent/rcvd/exp): 46745/46745/46746
Peer: 1.0.0.1(1.0.0.1)
Source IP(000.111.222.334)
Route: 000.111.222.334->1.0.0.1/32, gwy(000.111.222.333)
protocol: ping, state: alive
Latency(Min/Max/Avg): 17.052/17.362/17.233 ms
Jitter(Min/Max/Avg): 0.002/0.166/0.060 ms
Packet lost: 0.000%
MOS: 4.396
Number of out-of-sequence packets: 0
Fail Times(0/5)
Packet sent: 2012824, received: 2012776, Sequence(sent/rcvd/exp): 46745/46745/46746

 

Link Monitor: 2, Status: alive, Server num(4), cfg_version=0 HA state: local(alive), shared(alive)
Flags=0x1 init, Create time: Thu Jun 19 13:57:55 2025
Source interface: ext2 (40)
VRF: 0
Gateway: 444.555.666.777
Interval: 500 ms
Service-detect: disable
Diffservcode: 000000
Class-ID: 0
Transport-Group: 0
Class-ID: 0
Peer: 8.8.8.8(8.8.8.8)
Source IP(444.555.666.778)
Route: 444.555.666.778->8.8.8.8/32, gwy(444.555.666.777)
protocol: ping, state: alive
Latency(Min/Max/Avg): 36.376/54.634/42.710 ms
Jitter(Min/Max/Avg): 0.104/16.255/4.969 ms
Packet lost: 0.000%
MOS: 4.377
Number of out-of-sequence packets: 0
Fail Times(0/5)
Packet sent: 2012824, received: 15205, Sequence(sent/rcvd/exp): 46745/46745/46746
Peer: 8.8.4.4(8.8.4.4)
Source IP(444.555.666.778)
Route: 444.555.666.778->8.8.4.4/32, gwy(444.555.666.777)
protocol: ping, state: alive
Latency(Min/Max/Avg): 35.251/50.594/43.404 ms
Jitter(Min/Max/Avg): 0.059/15.290/6.089 ms
Packet lost: 0.000%
MOS: 4.375
Number of out-of-sequence packets: 0
Fail Times(0/5)
Packet sent: 2012824, received: 15205, Sequence(sent/rcvd/exp): 46745/46745/46746
Peer: 1.1.1.1(1.1.1.1)
Source IP(444.555.666.778)
Route: 444.555.666.778->1.1.1.1/32, gwy(444.555.666.777)
protocol: ping, state: alive
Latency(Min/Max/Avg): 34.345/54.572/42.617 ms
Jitter(Min/Max/Avg): 0.031/12.014/3.597 ms
Packet lost: 0.000%
MOS: 4.378
Number of out-of-sequence packets: 0
Fail Times(0/5)
Packet sent: 2012824, received: 15207, Sequence(sent/rcvd/exp): 46745/46745/46746
Peer: 1.0.0.1(1.0.0.1)
Source IP(444.555.666.778)
Route: 444.555.666.778->1.0.0.1/32, gwy(444.555.666.777)
protocol: ping, state: alive
Latency(Min/Max/Avg): 32.099/50.054/40.712 ms
Jitter(Min/Max/Avg): 0.027/15.144/5.599 ms
Packet lost: 0.000%
MOS: 4.377
Number of out-of-sequence packets: 0
Fail Times(0/5)
Packet sent: 2012824, received: 15207, Sequence(sent/rcvd/exp): 46745/46745/46746

 

Hoping everything is OK, if there's anything else, do not hesitate to ask.

 

Thanks!

 

Konnan

4 REPLIES
toshi-esumi
New Contributor III

My understanding is the same as yours. You can specify the routes you want to remove after 7.0. The admin guide no longer shows "set update-static-route enable" since it's the "default" setting.
https://docs.fortinet.com/document/fortigate/7.4.8/administration-guide/647723/link-monitor-with-rou...

And, that's the only thing it would do. So when those removed routes are restored, the traffic flows to that direction when link-monitor recovers.

Toshi
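
The failover and fallback sequence discussed in this thread, as an added illustration that is not part of the original posts and is not FortiOS code: a toy Python model in which a failed monitor withdraws ext1's static route and a recovered monitor restores it, with the lower priority value winning between equal-distance routes. Assumptions: the fail threshold of 5 is taken from "Fail Times(0/5)" in the posted output, the recovery threshold of 5 is assumed, each probe result stands for one monitor round, and all class and function names are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Route:
    intf: str
    distance: int
    priority: int
    installed: bool = True

class LinkMonitor:
    """Toy model of one link-monitor entry bound to one static route."""
    def __init__(self, route, update_static_route, failtime=5, recoverytime=5):
        self.route, self.update_static_route = route, update_static_route
        self.failtime, self.recoverytime = failtime, recoverytime  # assumed thresholds
        self.alive, self.fails, self.oks = True, 0, 0

    def probe(self, reply):
        if reply:
            self.oks, self.fails = self.oks + 1, 0
            if self.oks >= self.recoverytime:
                self.alive = True
        else:
            self.fails, self.oks = self.fails + 1, 0
            if self.fails >= self.failtime:
                self.alive = False
        if self.update_static_route:
            # Withdraw the route while the monitor is dead, restore it on recovery.
            self.route.installed = self.alive

def active_interface(routes):
    """Pick the installed route with the lowest distance, then lowest priority."""
    installed = [r for r in routes if r.installed]
    if not installed:
        return None
    return min(installed, key=lambda r: (r.distance, r.priority)).intf

def simulate(ext1_update, probes):
    # Distances and priorities copied from the routing table in the post.
    ext1, ext2 = Route("ext1", 10, 1), Route("ext2", 10, 100)
    mon = LinkMonitor(ext1, ext1_update)
    out = []
    for reply in probes:
        mon.probe(reply)
        out.append(active_interface([ext1, ext2]))
    return out

# Constructed probe results: 2 replies, 6 losses (outage), 6 replies (recovery).
PROBES = [True] * 2 + [False] * 6 + [True] * 6
if __name__ == "__main__":
    print("enable :", simulate(True, PROBES))
    print("disable:", simulate(False, PROBES))
```

With the update enabled on ext1, the model moves traffic to ext2 on the fifth consecutive loss and back to ext1 on the fifth consecutive reply; with it disabled, the ext1 route stays selected for the whole outage.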

Konnan
New Contributor III

Thanks for your followup! Much appreciated. It made me think a bit more and I think I'm more in peace with it now.

Konnan
New Contributor III

Finally you are the only one who answered hehe, thanks for your help again! Marked as an Answer.

toshi-esumi
New Contributor III

Thanks @Konnan 

Toshi
