i have two isp
i want wan1 is primary and wan2 is backup work if wan1 down
this is a found at version 5.4 but not work correct
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I, personally, would do this. create a zone titled OUTSIDE place primary internet provider and secondary internet provider in there. Create two default routes, one to the primary and one to the secondary. Make the secondary have a slightly higher "priority" which in FortiOS just means cost. Configure link health monitoring through CLI for each connection. If primary WAN fails the configured number of times then it will yank the route and use the backup line. below is how to configure the link monitor config system link-monitor edit "wan1fail" set srcintf "wan1" set server "8.8.8.8" set interval 3 set failtime 10 set recoverytime 10 set update-cascade-interface disable set protocol ping next end
Mike Pruett
thanks for help
this my step can you check
The firewall I'm behind may be blocking your images (they are showing as broken for me). I will check this thread when at the house and see if I can view them then.
Mike Pruett
thanks for reply i waiting
Things that Mike describes are well described here: http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-networking-54/Interfaces/Dual%20Inter...
I used to use options "Redundant interfaces" - this is exactly what you need - and "Link redundancy and load sharing" - traffic distribute over both links + failover - and it worked as planned.
--
additional links:
http://kb.fortinet.com/kb/documentLink.do?popup=true&externalID=10376&languageId=
Here is what I did and it appears to work:
For Primary ISP link, create a static default route, with Administrative Distance as 10 Priority 0
For Second ISP Link, create a static default route, with Administrative Distance as 10 Priority 10
If the Primary ISP is down, the traffic will be routed automatically to the Second ISP. I do this and only drop a single ping for the failover.
Joe
Hey sfareg , i think this thread would be helpful for you
https://forum.fortinet.com/tm.aspx?m=120296
basically it says that you need to set higher distance for the interface you want to fail-over TO and lower for the interface that you want to failover from, also you need to set Health checks for interfaces for that to work.
Hi, sfareg.
First you have to configure the WAN1 and WAN2 routes with the same distance but you have to set a smaller priority to WAN1.
Same distance = The two link will stay up at the same time
Smaller priority means = The traffic will go trought WAN1 as long it is alive.
After you done this you have to set just like you set, and then configure the WAN status check for both interfaces.
Obs: If your links use static ip address than you have to configure distance and priority on the static route, otherwise you have to do it throught the CLI direcly on the interface configuration.
configure system interface
edit wan2
set distance x
set priority y
end
hope it helps
Allan Lago
Security Analist
+55 21 96436-1884
+55 54 99100-0949
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.