We have two WAN links, and when the primary link is down, traffic does not switch over to the secondary link. When the primary is down, the secondary link and all the VPN tunnels on the secondary link are up, but there is no traffic through it.
On the primary link, the VPN tunnels are down but in 'enabled' mode. When we manually disable all the VPN tunnels on the primary, traffic switches over to the secondary and works properly.
Our requirement is to automatically switch the traffic over to the secondary when the primary is down.
Hi,
Maybe enabling snat-route-change, if not already enabled, could help, as described here.
When we check the routing table while WAN 1 is down, the same routing path is still in use and traffic has not switched over to the VPN tunnels on the secondary link.
Hi
We need to check that both ISP links are getting default routes from the ISP.
The AD should be the same on both ISPs, and the primary WAN link priority should be set to 1 and the secondary priority needs to be set to 5.
Also, you need to configure a link monitor; when the active link goes down, it will remove the routes from the routing table and make the secondary link active.
Please refer to the documents below for link monitor:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Link-monitor/ta-p/197504
https://docs.fortinet.com/document/fortigate/7.2.4/administration-guide/76624/link-monitor
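The settings suggested in the two replies above (snat-route-change, equal AD with priorities 1 and 5, and a link monitor on the primary), written out as a FortiOS CLI sketch. This is an added example, not part of either reply; the interface names, gateway addresses, probe server, distance value and monitor name are constructed placeholders.

```fortios
# Added example. wan1/wan2, all IP addresses, the distance value and the
# monitor name are constructed placeholders; replace them with your own.

# Suggested in the first reply: re-evaluate existing SNAT sessions
# when the routing table changes.
config system global
    set snat-route-change enable
end

# Two default routes with the same administrative distance (AD).
# The lower priority value (1) is preferred while both routes are present.
config router static
    edit 1
        set gateway 198.51.100.1
        set device "wan1"
        set distance 10
        set priority 1
    next
    edit 2
        set gateway 203.0.113.1
        set device "wan2"
        set distance 10
        set priority 5
    next
end

# Link monitor on the primary: probes a server through wan1 and, when the
# probes fail, withdraws the static routes that use wan1.
config system link-monitor
    edit "wan1-monitor"
        set srcintf "wan1"
        set server "192.0.2.10"
        set gateway-ip 198.51.100.1
        set protocol ping
        set failtime 5
        set recoverytime 5
        set update-static-route enable
    next
end
```

After taking the primary down, `diagnose sys link-monitor status` shows whether the monitor has marked the link dead, and `get router info routing-table all` shows whether the wan1 default route has been withdrawn.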
Verify Interface Configuration: Ensure that the configuration for both the primary and secondary WAN interfaces is correct. Check that the interface status is up, the IP addresses are configured correctly, and the appropriate routing is in place.
Check Failover Settings: Confirm that the failover settings are properly configured. In the FortiGate web interface, go to System > Network > Interfaces and select the primary and secondary WAN interfaces. Under the "Status" section, verify that the failover mode is set to "Load Balance" or "Failover."
Monitor Health Check Settings: Health check settings determine how the FortiGate device detects link status. Go to System > Network > Interfaces, select the primary WAN interface, and check the "Health Check" tab. Ensure that the correct health check method is selected and that it is properly configured to detect link failures.
Check Routing Configuration: Verify that the routing configuration is correctly set up for failover. Check the routing table and ensure that the default route points to the primary WAN interface. Additionally, ensure that you have a failover route configured that points to the secondary WAN interface when the primary link is down.
Confirm VPN Configuration: Review the VPN configuration and make sure that it is set up correctly for failover. Ensure that the VPN tunnels are properly configured to use the secondary WAN interface when the primary link is down.
Monitor Logs: Continuously monitor the logs on your FortiGate device to identify any specific events or error messages related to the failover process. This information can help troubleshoot the issue and provide insight into the cause of the problem.
There's not enough information to answer this question. What about the routing? Is it there on the secondary?