Hi,
What is the logic behind using a server IP (behind or beyond the router)?
A failover is - by default - triggered by a link failure. The monitored port needs to see a link-down.
But this is not what you see in practice.
Imagine you have 2 WAN lines, on 2 WAN ports. The FGT is connected to the WAN line via modem(s).
Now the link on the WAN port will be UP until the modem dies. Way more probable is that access to the internet via this WAN line will be broken, i.e. a logical link will fail.
To determine that a path through an interface, some hardware and your ISP's network is down, you set up a ping server to some host on the internet which is (deemed) always up. If 5 consecutive pings to that server fail, the FGT fails that WAN port and deletes its default route. Hopefully you have a second WAN line with a second (more costly) default route which then will be followed.
Hi,
Instead of pinging the server, why should we not ping the gateway?
Hey sims,
I would suggest pinging a device beyond the gateway to ensure that you have connectivity beyond just the one hop. Let's pretend that your WAN links are connected to two different Cisco routers, each on gig1/1. If you only ping the IP address on the directly connected network (i.e., the IP address of gig1/1) and the router's upstream interface (i.e., interface gig1/2) goes down, your WAN link will still stay up but no traffic will pass through that router. You have now lost Internet access.
However, if you're pinging something like 8.8.8.8 and gig1/2 goes down on the WAN1 link router, then it will fail over to WAN2. This is what ede_pfau was saying with: "Way more probable is that access to the internet via this WAN line will be broken, i.e. a logical link will fail."
Hope this helps,
Sean (Gr@ve_Rose)
Site: https://tcpdump101.com
Twitter: https://twitter.com/Grave_Rose
Reddit: https://reddit.com/r/tcpdump101
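The reasoning in the replies above, as an added simulation (not part of any post and not Fortinet code): it compares a ping target on the gateway with one beyond it when the router's upstream interface fails. The class and function names and the two-hop path model are assumptions; the threshold of 5 consecutive failed pings is the one quoted in the thread.

```python
# Added example: pure simulation, no packets are sent. All names are hypothetical.
from dataclasses import dataclass

FAIL_THRESHOLD = 5  # consecutive failed pings before the WAN port is failed (from the thread)

@dataclass
class WanPath:
    """Constructed model of one WAN line: FGT -> router gig1/1 -> router gig1/2 -> internet."""
    gateway_up: bool = True   # directly connected router interface (gig1/1)
    upstream_up: bool = True  # router's upstream interface (gig1/2)

    def ping(self, target: str) -> bool:
        if target == "gateway":
            return self.gateway_up                     # one hop only
        return self.gateway_up and self.upstream_up    # host beyond the gateway

class LinkMonitor:
    def __init__(self, path: WanPath, target: str):
        self.path, self.target = path, target
        self.failures = 0
        self.route_installed = True

    def probe(self, lost: bool = False) -> bool:
        """Send one simulated ping; return whether the default route is still installed."""
        ok = self.path.ping(self.target) and not lost
        self.failures = 0 if ok else self.failures + 1
        if self.failures >= FAIL_THRESHOLD:
            self.route_installed = False
        return self.route_installed

def simulate(target, upstream_fails_at=None, probes=20, lost=()):
    """Return the probe index at which WAN1's default route is removed, or None."""
    path = WanPath()
    monitor = LinkMonitor(path, target)
    for i in range(probes):
        if i == upstream_fails_at:
            path.upstream_up = False   # gig1/2 goes down; gig1/1 keeps answering
        if not monitor.probe(lost=i in lost):
            return i
    return None

if __name__ == "__main__":
    print("ping gateway :", simulate("gateway", upstream_fails_at=3))
    print("ping 8.8.8.8 :", simulate("8.8.8.8", upstream_fails_at=3))
    print("4 lost pings :", simulate("8.8.8.8", lost={2, 3, 4, 5}))
```

With the gateway as target the route is never removed even though traffic is black-holed; with the remote target it is removed on the fifth failed probe, and four lost pings in a row do not trigger a failover.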