Hi All,
Yesterday I set up a lab and tried to check whether the redundant link was working fine or not, but it is not working. If the primary link goes down then all the traffic is being dropped at the ISP end and is not moving towards the other ISP, which is TCL.
Let me tell you what I did in this lab on the FortiGate firewall.
1. Created one default route on the firewall: 0.0.0.0/0, gateway 192.168.99.1, metric 10.
2. Created a second default route on the firewall: 0.0.0.0/0, gateway 192.168.98.1, metric 11.
3. Created a separate policy for each ISP.
Then I tried to ping 8.8.8.8 from the LAN. It is working, but whenever the primary link goes down it doesn't work.
Please see the diagram below, which will help you understand easily.
Could you please tell me why it is not working and what I should do if I want to have a redundant link in this lab?
Your response will be very beneficial for me. Thank you in advance.
Thank you,
Umesh
Hi Team,
Please try it this way: configure the first default route with admin distance 1 and priority 10, and the second default route with admin distance 1 and priority 11. Then if the primary link fails, the secondary link comes into the picture.
You must have a firewall policy with both interfaces as the outgoing interface, so that when the traffic goes through the secondary link it is allowed by the firewall policy.
I'm assuming you meant AD (admin distance) by metric, and that there is SNAT from the internal ports (port3, port10) to the external ports (port1, port2). I also assumed you disconnected port1 from the switch.
Check your global config:
set snat-route-change enable
Without enabling it, the SNAT session for your continuous ping never changes to the new outgoing interface.
But you had better configure link-monitor through port1 to ping something like 8.8.8.8 to detect the failure and remove the default route. Otherwise, it won't fail over when a problem occurs on the other side of the switch.
Toshi
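Putting the two replies above together as one worked configuration (an added example, not from the original thread): it assumes, following Toshi's reply, that port1 and port2 face the ISPs and port3/port10 face the LAN, reuses the gateways from the original post, and the link-monitor name is a placeholder.

```fortios
# Two default routes with the same distance but different priority: both stay active, lower priority value (10) wins.
config router static
    edit 1
        set gateway 192.168.99.1
        set device "port1"
        set distance 1
        set priority 10
    next
    edit 2
        set gateway 192.168.98.1
        set device "port2"
        set distance 1
        set priority 11
    next
end

# Probe 8.8.8.8 via port1; on failure beyond the switch the port1 default route is withdrawn and traffic follows port2.
config system link-monitor
    edit "isp1-monitor"
        set srcintf "port1"
        set server "8.8.8.8"
        set gateway-ip 192.168.99.1
        set protocol ping
        set interval 5
        set failtime 5
        set update-static-route enable
    next
end

# Let existing SNAT sessions (the running ping) be re-evaluated onto the new egress interface.
config system global
    set snat-route-change enable
end

# One policy listing both ISP interfaces as egress, so traffic is still permitted after failover.
config firewall policy
    edit 1
        set srcintf "port3" "port10"
        set dstintf "port1" "port2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```

After pulling port1 or blocking the probe upstream, `get router info routing-table all` should show only the port2 default route while the LAN ping keeps running.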
Copyright 2024 Fortinet, Inc. All Rights Reserved.