We have two WAN links, and when the primary link is down, traffic does not switch over to the secondary link. When the primary is down, the secondary link and all the VPN tunnels on the secondary link are up, but there is no traffic through it.
On the primary link, the VPN tunnels are down but in 'enabled' mode. When we manually disable all the VPN tunnels on the primary, traffic switches over to the secondary and works properly.
Our requirement is to automatically switch over the traffic to the secondary when the primary is down.
Verify Interface Configuration: Ensure that the configuration for both the primary and secondary WAN interfaces is correct. Check that the interface status is up, the IP addresses are configured correctly, and the appropriate routing is in place.
Check Failover Settings: Confirm that the failover settings are properly configured. In the FortiGate web interface, go to System > Network > Interfaces and select the primary and secondary WAN interfaces. Under the "Status" section, verify that the failover mode is set to "Load Balance" or "Failover."
Monitor Health Check Settings: Health check settings determine how the FortiGate device detects link status. Go to System > Network > Interfaces, select the primary WAN interface, and check the "Health Check" tab. Ensure that the correct health check method is selected and that it is properly configured to detect link failures.
Check Routing Configuration: Verify that the routing configuration is correctly set up for failover. Check the routing table and ensure that the default route points to the primary WAN interface. Additionally, ensure that you have a failover route configured that points to the secondary WAN interface when the primary link is down.
Confirm VPN Configuration: Review the VPN configuration and make sure that it is set up correctly for failover. Ensure that the VPN tunnels are properly configured to use the secondary WAN interface when the primary link is down.
Monitor Logs: Continuously monitor the logs on your FortiGate device to identify any specific events or error messages related to the failover process. This information can help troubleshoot the issue and provide insight into the cause of the problem.
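
The health check and failover route steps above, sketched as FortiOS CLI. This is an added example, not configuration from the original post or from Fortinet. The interface names (wan1, wan2), the monitor name, the gateway addresses and the probe target are assumptions to replace with your own values.

```fortios
# Added example. All names and addresses below are constructed placeholders.

# Health check on the primary WAN: probe a target beyond the ISP gateway.
# When the probe fails, update-static-route withdraws static routes that
# use wan1, so the backup route can take over without manual changes.
config system link-monitor
    edit "wan1-monitor"
        set srcintf "wan1"
        set server "198.51.100.10"
        set protocol ping
        set gateway-ip 203.0.113.1
        set failtime 5
        set recoverytime 5
        set update-static-route enable
    next
end

# Two default routes: the lower distance is preferred while wan1 is healthy.
# The wan2 route stays out of the routing table until the wan1 route is
# withdrawn by the link monitor or by the interface going down.
config router static
    edit 1
        set device "wan1"
        set gateway 203.0.113.1
        set distance 10
    next
    edit 2
        set device "wan2"
        set gateway 192.0.2.1
        set distance 20
    next
end
```

After a failover test, `get router info routing-table all` shows which default route is currently installed.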