- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Redundant Internet is using wan2 instead of wan1
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Redundant Internet is using wan2 instead of wan1
I setup a redundant Internet on my 100e using the cookbook. I setup the link monitor and stuff too.
I set all of this up on monday night, and when I came in this morning, I noticed the backup internet's ip in the logs of something I was working on. So I did Whatsmyip and it seems that it is using Wan2, which is the backup, as a primary.
I am looking in the GUI for where to change the weight/priority/distance and I can't find it. I saw those options when I initially configured it I thought, at least I saw priority and im pretty sure I made the primary 5 and the secondary 10. But clearly I did something wrong.
I am running 6.0.5 Build0268 (GA) btw.
I know the problem is that I have one of the above things wrong, its weight, priority, distance, or something.
I cant find where to change it, and I dont know the CLI commands to show me the current settings or change the current settings. Can someone tell me the commands to check the settings and change them as needed in the CLI?
I only want WAN2 to be used if Wan1 has an outage.
Solved! Go to Solution.
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
https://kb.fortinet.com/kb/viewContent.do?externalId=FD32103
"get router info routing-table" command in the KB is the one you want to check first. You must have put two static default routes to both wan1 and wan2 with either different distances or priorities. My guess is something has happened to the circuit on wan1 to go down overnight. So likely your config worked as intended for the failover part. The question is 1) if the circuit has come back up yet, and 2) if that's the case, why it didn't fail back.
But you really need read what's in the log that would tell you what exactly happened at night.
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
https://kb.fortinet.com/kb/viewContent.do?externalId=FD32103
"get router info routing-table" command in the KB is the one you want to check first. You must have put two static default routes to both wan1 and wan2 with either different distances or priorities. My guess is something has happened to the circuit on wan1 to go down overnight. So likely your config worked as intended for the failover part. The question is 1) if the circuit has come back up yet, and 2) if that's the case, why it didn't fail back.
But you really need read what's in the log that would tell you what exactly happened at night.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Nothing went down overnight.
this is the log from the link-monitor
rs ago Static route on interface wan1 may be added by link-monitor wan1. Route: (70.163.74.13->8.8.4.4 ping-up)Routing information changed27 hours ago Static route on interface wan1 may be removed by link-monitor wan1. Route: (70.163.74.13->8.8.4.4 ping-down)Routing information changed3Yesterday Static route on interface wan1 may be added by link-monitor wan1. Route: (70.163.74.13->8.8.4.4 ping-up)Routing information changed4Yesterday Static route on interface wan1 may be removed by link-monitor wan1. Route: (70.163.74.13->8.8.4.4 ping-down)Routing information changed5Yesterday Static route on interface wan1 may be added by link-monitor wan1. Route: (70.163.74.13->8.8.4.4 ping-up)Routing information changed6Yesterday Static route on interface wan1 may be removed by link-monitor wan1. Route: (70.163.74.13->8.8.4.4 ping-down)Routing information changed7Monday Static route on interface wan1 may be added by link-monitor wan1. Route: (70.163.74.13->8.8.4.4 ping-up)Routing information changed8Monday Static route on interface wan1 may be removed by link-monitor wan1. Route: (70.163.74.13->8.8.4.4 ping-down)Routing information change
I am pretty sure the priority or the distance is causing it not to switch to WAN1 when it came back up. I cant tell in your link how I am supposed to set the priority and stuff, is port1 and port2 in your example synonyms for Wan1 and Wan2? I am sure if I check the priority they will probably be the same, or wan2 will have priority. Also, the command "get router info routing-table" gives me this error:
Command fail. Return code -9999
Can you tell me the command that will check what the priority and distance are and the command to change those settings on my existing Wan1 and Wan2?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You are just missing the end of the command, get router info routing-table all
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
nevermind I figured it out from the link you sent me, it was the priority
thank you
Related Posts
- SD-WAN IPSec Main Backup tunnels with... 119 Views
- Setting Up NAT64 to handle 64:ff9b::... 53 Views
- Force the routing of a domain... 98 Views
- Windows Deployment Services not working in... 129 Views
- Fortigates with PPPoE WAN suddenly need... 270 Views
Labels
-
FortiGate
6,524 -
FortiClient
1,301 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
414 -
5.6
362 -
FortiAP
333 -
FortiSwitch
332 -
FortiClient EMS
262 -
6.2
251 -
FortiMail
241 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
150 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiSIEM
88 -
FortiGateCloud
87 -
FortiCloud Products
83 -
IPsec
73 -
FortiToken
69 -
Customer Service
69 -
4.0MR3
64 -
SSL-VPN
58 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
24 -
FortiConnect
23 -
FortiWAN
22 -
Firewall policy
22 -
FortiConverter
21 -
High Availability
20 -
VLAN
19 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiCASB
12 -
FortiAuthenticator
11 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
LDAP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
Virtual IP
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
SSL SSH inspection
6 -
Security profile
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Intrusion prevention
3 -
Automation
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
VoIP profile
2 -
Antivirus profile
2 -
Web profile
2 -
Traffic shaping profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
FortiPAM
1 -
Application signature
1 -
Multicast routing
1 -
Authentication rule and scheme
1 -
Zone
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.