Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Norris81
New Contributor II

Created on ‎02-16-2025 01:19 PM

link-monitor settings accepted but not applying

Hi All,

 

I've just configured link-monitor to allow failover to WAN2 when internet access through WAN1 is unavailable.

I've applied this config without any errors, but it doesn't appear to display all the settings.

config system link-monitor
(link-monitor) # edit "WAN_Failover"
(link-monitor) # set srcintf wan1
(link-monitor) # set server "8.8.8.8" "4.2.2.1"
(link-monitor) # set protocol ping
(link-monitor) # set gateway-ip xxx.xxx.xx9.17
(link-monitor) # set interval 500
(link-monitor) # set failtime 5
(link-monitor) # set recoverytime 5
(link-monitor) # set update-static-route enable
(link-monitor) # set status enable

 

The resulting config is displayed below.

FW1 # show system link-monitor
config system link-monitor
    edit "WAN1_Failover"
        set srcintf "wan1"
        set server "8.8.8.8" "4.2.2.1"
        set gateway-ip xxx.xxx.xx9.17
    next
end

As you can see, the following parameters are missing.

(link-monitor) # set protocol ping
(link-monitor) # set interval 500
(link-monitor) # set failtime 5
(link-monitor) # set recoverytime 5
(link-monitor) # set update-static-route enable
(link-monitor) # set status enable

The firewall is currently on v7.2.8.

 

On testing, WAN failover works as expected, but I have noticed this System Event: 

Static route on interface wan1 may be added by link-monitor WAN1_Failover. Route: (xxx.xxx.xx9.22->8.8.8.8 ping-up) (xxx.xxx.xx9.22->4.2.2.1 ping-down)

 

It reports that it can ping 8.8.8.8 but not 4.2.2.1.

I can ping 4.2.2.1 from xxx.xxx.xx9.22.

 

Thoughts anyone?

Labels:
236
0 Kudos
1 Solution
Toshi_Esumi
SuperUser
SuperUser

Created on ‎02-16-2025 01:41 PM

Because those are the default values. If you show "show full" or "get" you would be able to see those.

Toshi

View solution in original post

231
0 Kudos
2 REPLIES 2
Toshi_Esumi
SuperUser
SuperUser

Created on ‎02-16-2025 01:41 PM

Because those are the default values. If you show "show full" or "get" you would be able to see those.

Toshi

232
0 Kudos
Norris81
New Contributor II
In response to Toshi_Esumi

Created on ‎02-16-2025 02:40 PM

@Toshi_Esumi spot on, thank you.

FW1 # show full-configuration system link-monitor
config system link-monitor
    edit "WAN1_Failover"
        set addr-mode ipv4
        set srcintf "wan1"
        set server-config default
        set server-type static
        set server "8.8.8.8" "4.2.2.1"
        set protocol ping
        set gateway-ip xxx.xxx.xx9.17
        set source-ip 0.0.0.0
        set interval 500
        set probe-timeout 500
        set failtime 5
        set recoverytime 5
        set probe-count 30
        set ha-priority 1
        set update-cascade-interface enable
        set update-static-route enable
        set update-policy-route enable
        set status enable
        set diffservcode 000000
        unset class-id
        set service-detection disable
    next
end

FW1 #
206
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.