sfareg
New Contributor II

How can I find failover in version 5.4?

I have two ISPs.

I want wan1 to be primary and wan2 to be the backup that works if wan1 is down.

This is what I found in version 5.4, but it does not work correctly.

 

MikePruett
Valued Contributor

I, personally, would do this.

Create a zone titled OUTSIDE.

Place the primary internet provider and secondary internet provider in there.

Create two default routes, one to the primary and one to the secondary. Make the secondary have a slightly higher "priority", which in FortiOS just means cost.

Configure link health monitoring through CLI for each connection. If the primary WAN fails the configured number of times, then it will yank the route and use the backup line.

Below is how to configure the link monitor:

config system link-monitor
    edit "wan1fail"
        set srcintf "wan1"
        set server "8.8.8.8"
        set interval 3
        set failtime 10
        set recoverytime 10
        set update-cascade-interface disable
        set protocol ping
    next
end

Mike Pruett Fortinet GURU | Fortinet Training Videos
sfareg
New Contributor II

Thanks for the help.

These are my steps, can you check?

 

 

MikePruett
Valued Contributor

The firewall I'm behind may be blocking your images (they are showing as broken for me). I will check this thread when at the house and see if I can view them then.

Mike Pruett Fortinet GURU | Fortinet Training Videos
sfareg
New Contributor II

Thanks for the reply, I'm waiting.

przemo
New Contributor

Things that Mike describes are well described here: http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-networking-54/Interfaces/Dual%20Inter...

 

I used to use the options "Redundant interfaces" - this is exactly what you need - and "Link redundancy and load sharing" - traffic is distributed over both links + failover - and it worked as planned.

 

--

additional links:

http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD36151&sliceId=1...

 

http://kb.fortinet.com/kb/documentLink.do?popup=true&externalID=10376&languageId=

 

joepope
New Contributor III

Here is what I did and it appears to work:

For Primary ISP link, create a static default route, with Administrative Distance as 10 Priority 0

For Second ISP Link, create a static default route, with Administrative Distance as 10 Priority 10

 

If the Primary ISP is down, the traffic will be routed automatically to the Second ISP.  I do this and only drop a single ping for the failover.

 

Joe

Xcage
New Contributor

Hey sfareg, I think this thread would be helpful for you:

 

https://forum.fortinet.com/tm.aspx?m=120296

 

Basically it says that you need to set a higher distance for the interface you want to fail over TO and a lower one for the interface that you want to fail over from. You also need to set health checks for the interfaces for that to work.

Allan_Lago
New Contributor

Hi, sfareg.

 

First you have to configure the WAN1 and WAN2 routes with the same distance, but you have to set a smaller priority on WAN1.

Same distance = the two links will stay up at the same time.

Smaller priority = the traffic will go through WAN1 as long as it is alive.

After you have done this, you have to set it just like you set it, and then configure the WAN status check for both interfaces.

Note: If your links use static IP addresses, then you have to configure distance and priority on the static route; otherwise you have to do it through the CLI directly on the interface configuration.

 

config system interface
    edit "wan2"
        set distance x
        set priority y
    next
end

 

hope it helps

 

 

 

   Allan Lago

   Security Analist

   allan.lago@itsense.com.br

   +55 21 96436-1884

   +55 54 99100-0949

   https://itsense.com.br
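
The steps from the replies above, combined into one FortiOS 5.4 CLI configuration as an added example (not posted by any participant in this thread): two default routes with the same distance and different priorities, plus a link monitor per WAN. The gateway addresses are placeholders from documentation ranges, the monitor name "wan2fail" is hypothetical, and the # lines are annotations for the reader.

```fortios
# Assumed placeholders: 192.0.2.1 = wan1 next hop, 198.51.100.1 = wan2 next hop.
# Same distance keeps both default routes in the routing table;
# the lower priority value (wan1) is preferred while wan1 is healthy.
config router static
    edit 1
        set gateway 192.0.2.1
        set device "wan1"
        set distance 10
        set priority 0
    next
    edit 2
        set gateway 198.51.100.1
        set device "wan2"
        set distance 10
        set priority 10
    next
end

# Health checks: when the pings through an interface fail "failtime"
# times in a row, the routes through that interface are withdrawn.
config system link-monitor
    edit "wan1fail"
        set srcintf "wan1"
        set server "8.8.8.8"
        set protocol ping
        set interval 3
        set failtime 10
        set recoverytime 10
        set update-cascade-interface disable
    next
    # Hypothetical second monitor so a dead backup link is also detected.
    edit "wan2fail"
        set srcintf "wan2"
        set server "8.8.8.8"
        set protocol ping
        set interval 3
        set failtime 10
        set recoverytime 10
        set update-cascade-interface disable
    next
end
```

After applying it, `get router info routing-table all` should list both default routes while both links are healthy. Firewall policies must allow traffic out of both WAN interfaces (or the zone containing them) for the backup path to carry traffic.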
