Traffic is not switching over to secondary

We have two WAN links, and when the primary link is down, traffic does not switch over to the secondary link. When the primary is down, the secondary link and all the VPN tunnels on the secondary link are up, but there is no traffic through them.

On the primary link the VPN tunnels are down but in 'enabled' mode. When we manually disable all the VPN tunnels on the primary, traffic switches over to the secondary and works properly.

Our requirement is for traffic to switch over to the secondary automatically when the primary is down.



Maybe enabling snat-route-change, if not already enabled, could help, as described here.

When we check the routing table while WAN 1 is down, the same routing path is still in use and traffic does not switch over to the VPN tunnels on the secondary link.




We need to check that both ISP links are getting default routes from the ISP.

AD should be the same on both ISP links; the primary WAN link priority should be set to 1 and the secondary priority needs to be set to 5.

Also, you need to configure a link monitor; when the active link goes down it will remove the routes from the routing table and make the secondary link active.

Please refer to the documents below for link monitor:

  1. Verify Interface Configuration: Ensure that the configuration for both the primary and secondary WAN interfaces is correct. Check that the interface status is up, the IP addresses are configured correctly, and the appropriate routing is in place.

  2. Check Failover Settings: Confirm that the failover settings are properly configured. In the FortiGate web interface, go to System > Network > Interfaces and select the primary and secondary WAN interfaces. Under the "Status" section, verify that the failover mode is set to "Load Balance" or "Failover."

  3. Monitor Health Check Settings: Health check settings determine how the FortiGate device detects link status. Go to System > Network > Interfaces, select the primary WAN interface, and check the "Health Check" tab. Ensure that the correct health check method is selected and that it is properly configured to detect link failures.

  4. Check Routing Configuration: Verify that the routing configuration is correctly set up for failover. Check the routing table and ensure that the default route points to the primary WAN interface. Additionally, ensure that you have a failover route configured that points to the secondary WAN interface when the primary link is down.

  5. Confirm VPN Configuration: Review the VPN configuration and make sure that it is set up correctly for failover. Ensure that the VPN tunnels are properly configured to use the secondary WAN interface when the primary link is down.

  6. Monitor Logs: Continuously monitor the logs on your FortiGate device to identify any specific events or error messages related to the failover process. This information can help troubleshoot the issue and provide insight into the cause of the problem.
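The following is an added FortiOS CLI example illustrating the advice in the replies above (equal administrative distance with priorities 1 and 5, a link monitor that withdraws the primary route on failure, and snat-route-change). It is not configuration posted by anyone in this thread or taken from Fortinet documentation; the interface names wan1/wan2, the gateway and probe addresses, and the timer values are assumed placeholders and must be replaced with your own.

```fortios
# Added example, not from the original thread. All addresses are constructed
# documentation-range placeholders; wan1 = primary ISP, wan2 = secondary ISP.

# 1. Two default routes with the SAME distance so both stay candidates;
#    priority decides which one is preferred (lower wins, per the reply above).
config router static
    edit 1
        set dst 0.0.0.0/0
        set gateway 203.0.113.1          # constructed: primary ISP gateway
        set device "wan1"
        set distance 10
        set priority 1                   # primary
    next
    edit 2
        set dst 0.0.0.0/0
        set gateway 198.51.100.1         # constructed: secondary ISP gateway
        set device "wan2"
        set distance 10
        set priority 5                   # secondary
    next
end

# 2. Link monitor on the primary: probes a host beyond the ISP gateway so a
#    dead upstream (not just a dead cable) is detected. When failtime
#    consecutive probes fail, update-static-route removes the wan1 static
#    route from the routing table, leaving the wan2 route as the only default.
config system link-monitor
    edit "wan1-monitor"
        set srcintf "wan1"
        set server "192.0.2.10"          # constructed: reliable probe target
        set gateway-ip 203.0.113.1       # constructed: primary ISP gateway
        set protocol ping
        set interval 500                 # ms between probes (assumed value)
        set failtime 5                   # probes missed before marking down
        set recoverytime 5               # probes passed before marking up
        set update-static-route enable
        set status enable
    next
end

# 3. Re-evaluate the source NAT of existing sessions when the route changes,
#    so long-lived flows (including IKE/ESP) are rebuilt on the new egress
#    instead of staying pinned to the dead wan1 route.
config system global
    set snat-route-change enable
end
```

To confirm the behaviour after a failure, check `diagnose sys link-monitor status` (the wan1 monitor should show "dead") and `get router info routing-table all` (only the wan2 default route should remain active, which is what the routing-table check in the thread was looking for). The VPN tunnels bound to wan2 will then carry traffic only if their own static or policy routes are also present with a higher priority number than the wan1 tunnel routes, so apply the same distance/priority pattern to the tunnel-interface routes as well.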

