Unlock Exclusive Benefits
Join Our Community Today!
Join our Community and post in the forum to earn your exclusive badge; celebrating 3 years of the Fortinet Community!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: WAN1 doesn't seem to be failing over as part o...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
WAN1 doesn't seem to be failing over as part of WAN LLB
FG-100D is configured with two WANs combined via WLLB. ISP for WAN1 has been flaky lately, dropping out for 30 seconds or so occasionally. I expected traffic to be immediately routed to WAN2, but in reality I have to manually disable WAN1 in the GUI in order for this to happen. The relevant parts of the config is below. I'm trying to determine whether I have something configured incorrectly in the Fortigate, or if the misconfiguration is occurring between my ears. Thanks in advance. Eric
5.04-FW-build1064
config system interface
edit "wan1"
set vdom "root"
set ip 74.143.138.236 255.255.255.248
set allowaccess ping fgfm
set type physical
set alias "isp1"
set estimated-upstream-bandwidth 5000
set estimated-downstream-bandwidth 50000
set role wan
set snmp-index 1
next
edit "wan2"
set vdom "root"
set mode dhcp
set distance 20
set allowaccess ping fgfm
set type physical
set alias "isp2"
set estimated-upstream-bandwidth 1800
set estimated-downstream-bandwidth 18000
set role wan
set snmp-index 7
next
end
config system virtual-wan-link
set status enable
set load-balance-mode measured-volume-based
config members
edit 1
set interface "wan1"
set gateway xxx.xxx.xxx.xxx
set volume-ratio 7
next
edit 2
set interface "wan2"
set gateway yyy.yyy.yyy.yyy
set volume-ratio 1
next
end
Solved! Go to Solution.
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For remote failure detection you need to set up a pingserver target or link monitor (which is ambiguous - a link failure is always detected, loss of network connectivity not). I understood that creating a WAN LLB will set up a link monitor as well but maybe you skipped that step.
Then, the default settings require to miss 5 pings each 3 seconds apart. You can alter these values to get a more responsive behavior, risking "link flapping". Depends on what you're willing to tolerate.
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We had this issue as well, I believe you might need to configure the WAN Status Check so that it knows to update the default WAN load balance static route when packet loss is detected.
Also as a side note, we had the same issue with WAN1 dropping out for 30 seconds or so when we put in a Fortigate 100D along with our particular ISP. Their router had issues accepting Fortigate updates via port 53. Not sure if this is the same issue you're having or who your ISP is but going into System -> FortiGuard and changing the FortiGuard Filtering Port from 53 to 8888 cleared that right up.
Edit: Just realized you're running a different firmware, we're on 5.4.1. Though I'm sure some of the options I mentioned are there, just in different places.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For remote failure detection you need to set up a pingserver target or link monitor (which is ambiguous - a link failure is always detected, loss of network connectivity not). I understood that creating a WAN LLB will set up a link monitor as well but maybe you skipped that step.
Then, the default settings require to miss 5 pings each 3 seconds apart. You can alter these values to get a more responsive behavior, risking "link flapping". Depends on what you're willing to tolerate.
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you!. I see now what I missed. WAN Link Health is an option in the GUI as of 5.4.1, so I set it there.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yeah, without that being set it doesn't monitor at all lol
Mike Pruett
Mike Pruett
Fortinet GURU | Fortinet Training Videos
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- DC Power connector type on FG... 907 Views
- API to find device inventory -... 671 Views
- Best VPN option for backup ISP... 908 Views
- Forticonverter 570 Views
- Large config - ssh behaviour 656 Views
Labels
-
FortiGate
8,464 -
FortiClient
1,712 -
5.2
801 -
FortiManager
710 -
5.4
639 -
FortiAnalyzer
547 -
FortiAP
457 -
FortiSwitch
456 -
6.0
416 -
FortiClient EMS
407 -
5.6
362 -
FortiMail
308 -
6.2
251 -
FortiAuthenticator v5.5
234 -
SSL-VPN
219 -
FortiWeb
199 -
5.0
196 -
IPsec
185 -
FortiNAC
176 -
FortiGuard
136 -
6.4
128 -
SD-WAN
110 -
FortiGateCloud
100 -
FortiSIEM
97 -
FortiCloud Products
96 -
FortiToken
89 -
FortiAuthenticator
84 -
Customer Service
78 -
Wireless Controller
75 -
Firewall policy
70 -
4.0MR3
64 -
FortiProxy
59 -
FortiADC
53 -
Fortivoice
52 -
High Availability
52 -
FortiEDR
50 -
vlan
47 -
ZTNA
46 -
FortiExtender
44 -
FortiSandbox
43 -
FortiDNS
42 -
DNS
40 -
Routing
39 -
BGP
38 -
LDAP
38 -
FortiGate v5.4
35 -
FortiSwitch v6.4
34 -
SAML
34 -
Certificate
32 -
Authentication
31 -
SSO
31 -
Interface
31 -
NAT
30 -
RADIUS
29 -
FortiConnect
27 -
FortiLink
26 -
FortiWAN
25 -
FortiConverter
25 -
VDOM
25 -
Application control
25 -
FortiGate v5.2
24 -
Logging
24 -
Web profile
23 -
FortiPAM
22 -
Virtual IP
22 -
Fortigate Cloud
20 -
FortiPortal
19 -
FortiSwitch v6.2
18 -
FortiMonitor
18 -
SSL SSH inspection
18 -
Traffic shaping
17 -
FortiDDoS
15 -
OSPF
15 -
WAN optimization
15 -
FortiGate v5.0
14 -
System settings
14 -
IP address management - IPAM
14 -
FortiSOAR
13 -
SSID
13 -
Static route
13 -
FortiCASB
12 -
snmp
12 -
Automation
12 -
Admin
12 -
Web application firewall profile
12 -
FortiManager v5.0
11 -
FortiManager v4.0
10 -
FortiRecorder
10 -
IPS signature
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
FortiBridge
9 -
Traffic shaping policy
9 -
FortiAP profile
9 -
Proxy policy
9 -
RMA Information and Announcements
8 -
Security profile
8 -
Port policy
8 -
4.0
7 -
FortiDeceptor
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
Fabric connector
7 -
Intrusion prevention
7 -
Explicit proxy
6 -
DNS filter
6 -
trunk
6 -
Packet capture
6 -
Antivirus profile
6 -
Traffic shaping profile
6 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
Web rating
5 -
Fortinet Engage Partner Program
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
FortiDB
3 -
FortiHypervisor
3 -
API
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
Cloud Management Security
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Authentication rule and scheme
2 -
Protocol option
2 -
TACACS
2 -
Schedule
2 -
SDN connector
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
Multicast policy
1 -
Vulnerability Management
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1660 | |
| 1077 | |
| 752 | |
| 443 | |
| 220 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.