Hot!how can find failover at version 5.4

Author
sfareg
New Member
  • Total Posts : 8
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/07/21 14:21:47
  • Status: offline
2017/03/20 12:02:02 (permalink) 5.4
0

how can find failover at version 5.4

i have two isp
i want wan1 is primary and wan2 is backup work if wan1 down
this is a found at version 5.4 but not work correct
 

#1

8 Replies Related Threads

    MikePruett
    Platinum Member
    • Total Posts : 668
    • Scores: 13
    • Reward points: 0
    • Joined: 2014/01/08 19:39:40
    • Location: Montgomery, Al
    • Status: online
    Re: how can find failover at version 5.4 2017/03/23 08:46:43 (permalink)
    0
    I, personally, would do this.
     
    create a zone titled OUTSIDE
     
    place primary internet provider and secondary internet provider in there.
     
    Create two default routes, one to the primary and one to the secondary. Make the secondary have a slightly higher "priority" which in FortiOS just means cost.
     
    Configure link health monitoring through CLI for each connection. If primary WAN fails the configured number of times then it will yank the route and use the backup line.
     
    below is how to configure the link monitor
     
    config system link-monitor
    edit "wan1fail"
    set srcintf "wan1"
    set server "8.8.8.8"
    set interval 3
    set failtime 10
    set recoverytime 10
    set update-cascade-interface disable
    set protocol ping
    next
    end

    Mike Pruett
    Fortinet GURU
    #2
    sfareg
    New Member
    • Total Posts : 8
    • Scores: 0
    • Reward points: 0
    • Joined: 2016/07/21 14:21:47
    • Status: offline
    Re: how can find failover at version 5.4 2017/03/25 06:02:23 (permalink)
    0
    thanks for help
    this my step can you check

     

     

    #3
    MikePruett
    Platinum Member
    • Total Posts : 668
    • Scores: 13
    • Reward points: 0
    • Joined: 2014/01/08 19:39:40
    • Location: Montgomery, Al
    • Status: online
    Re: how can find failover at version 5.4 2017/03/27 11:25:25 (permalink)
    0
    The firewall I'm behind may be blocking your images (they are showing as broken for me). I will check this thread when at the house and see if I can view them then.

    Mike Pruett
    Fortinet GURU
    #4
    sfareg
    New Member
    • Total Posts : 8
    • Scores: 0
    • Reward points: 0
    • Joined: 2016/07/21 14:21:47
    • Status: offline
    Re: how can find failover at version 5.4 2017/03/30 00:06:22 (permalink)
    0
    thanks for reply i waiting
    #5
    przemo
    New Member
    • Total Posts : 18
    • Scores: 0
    • Reward points: 0
    • Joined: 2015/08/06 00:04:30
    • Status: offline
    Re: how can find failover at version 5.4 2017/03/30 07:16:51 (permalink)
    0
    Things that Mike describes are well described here: http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-networking-54/Interfaces/Dual%20Internet%20connections.htm?Highlight=redundant
     
    I used to use options "Redundant interfaces" - this is exactly what you need - and "Link redundancy and load sharing" - traffic distribute over both links + failover -  and it worked as planned.
     
    --
    additional links:
    http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD36151&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=103179516&stateId=0%200%20103181373
     
    http://kb.fortinet.com/kb/documentLink.do?popup=true&externalID=10376&languageId=
     
    post edited by przemo - 2017/03/30 07:21:52
    #6
    joepope
    New Member
    • Total Posts : 8
    • Scores: 2
    • Reward points: 0
    • Joined: 2016/08/17 05:18:03
    • Status: offline
    Re: how can find failover at version 5.4 2017/05/08 10:16:04 (permalink)
    0
    Here is what I did and it appears to work:
    For Primary ISP link, create a static default route, with Administrative Distance as 10 Priority 0
    For Second ISP Link, create a static default route, with Administrative Distance as 10 Priority 10
     
    If the Primary ISP is down, the traffic will be routed automatically to the Second ISP.  I do this and only drop a single ping for the failover.
     
    Joe
    #7
    Xcage
    New Member
    • Total Posts : 13
    • Scores: 0
    • Reward points: 0
    • Joined: 2016/06/04 16:21:50
    • Status: offline
    Re: how can find failover at version 5.4 2017/06/29 15:15:32 (permalink)
    0
    Hey sfareg , i think this thread would be helpful for you
     
    https://forum.fortinet.com/tm.aspx?m=120296
     
    basically it says that you need to set higher distance for the interface you want to fail-over TO and lower for the interface that you want to failover from, also you need to set Health checks for interfaces for that to work.
    #8
    alago
    New Member
    • Total Posts : 20
    • Scores: 5
    • Reward points: 0
    • Joined: 2017/06/04 11:45:32
    • Status: offline
    Re: how can find failover at version 5.4 2017/09/03 14:16:05 (permalink)
    0
    Hi, sfareg.
     
    First you have to configure the WAN1 and WAN2 routes with the same distance but you have to set a smaller priority to WAN1.
    Same distance = The two link will stay up at the same time
    Smaller priority means = The traffic will go trought WAN1 as long it is alive.
     
    After you done this you have to set just like you set, and then configure the WAN status check for both interfaces.
     
    Obs: If your links use static ip address than you have to configure distance and priority on the static route, otherwise you have to do it throught the CLI direcly on the interface configuration.
     
    configure system interface
    edit wan2
    set distance x
    set priority y
    end
     
    hope it helps
     
     
    post edited by alago - 2017/09/03 17:09:36
    #9
    Jump to:
    © 2017 APG vNext Commercial Version 5.5