Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
oliverlag
New Contributor

Created on ‎02-10-2012 03:09 AM

tracking unhealty interfaces / avoid interface flapping as hsrp does

Hello guys.. I was wondering how I could track health/unhealth of interfaces that continuosly flap. My situation is this one: a customer with 2 wans, the main one via wifi internet, the other one is an adsl. Customer wants always exit with wan1 but if this one flaps he prefers to go to wan2 and stay there till wan1 become stable again. I would like something like ip sla + hsrp but I see this is not an option. Unluckily it' s not an option switch the two wans and use the wan2 as primary and the wan1 as backup. For me would be also enough to put it in shut for X minutes as soon as I realize that the wan1 flaps any idea? even using vdom etc etc thanks in advance Oliver
8161
0 Kudos
4 REPLIES 4
emnoc
Esteemed Contributor III

Created on ‎02-10-2012 06:48 AM

For me would be also enough to put it in shut for X minutes as soon as I realize that the wan1 flaps any idea?
here' s a chicken and egg scenario, if the interface was in shut for X mins, how would the device know it' s stable? I agreed with you that fortigate don' t have any ip sla or better yet a EEM feature, but you might eliminate alot of the issues if you had a dynamic routing protocol like OSPF enable on wan1 to wan2 and between the next-hop gateway. What you really need is a cisco like EEM script language. I' m sorry, that I can' t offer any other suggestion.

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
3179
0 Kudos
oliverlag
New Contributor

Created on ‎02-10-2012 07:04 AM

I agree with you emnoc.. indeed it' s weird but customer prefers wan1 stays down for a while and then go back online after their working hours. (during the night for example). a working solution would be put a cisco in front of it with ip sla and eem. I' m trying to avoid this.. I ' m testing a solution with vdom. tnx a lot for your reply :)
3179
0 Kudos
ede_pfau
SuperUser
SuperUser

Created on ‎02-13-2012 12:05 AM

IMHO much too complicated. You can tackle the situation using the built-in ECMP feature, as follows: - create 2 default routes via wan1, wan2 with the wan2 route having a lower priority. - activate Gateway Detection on both wan ports - select ping targets for both ports (at different ISPs) - fine-tune the number of pings that are needed to be missing before the route fails over - fine-tune the ping interval (if necessary) - this is CLI only Assume the WiFi link is flapping, then if you miss say 20 pings in a window of 60 seconds fail over to wan2 (ADSL). The FGT will continue to ping via wan1 to determine that the line reverts to a stable condition, and fail back automatically. The finetuning is necessary to find the compromise between a large observation window (to notice the instability) vs. short reaction time/short downtime.
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
3179
0 Kudos
oliverlag
New Contributor

Created on ‎02-22-2012 12:59 AM

Ede, thanks a lot for your quick reply and sorry for me being late (I' ve been busy with other stuff). Your solution could be fine with me.. I will try to convince the customer this is the best one and let' s see what will tell me. tnx for your help :) Oliver
3179
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.