-->
Home  ›  Firewall  ›  Fortinet  ›  Network devices

Basic Failover Configuration Fortigate Firewall With Link Monitor

Configuring failover for multiple WAN interfaces on Fortigate is really easy. Basically, when you have multiple WAN/ISP you just need to plug each of it to any interface, set the interfaces role to WAN, configure static or DHCP mode, configure static route (if the interface in static mode), configure firewall policy to allow traffic from internal LAN to each WAN interfaces, and you already have failover connection for WAN with basic load balance (source mac address, I guess).
Fortigate Firewall Configure Basic Failover with DHCP on WAN Interface
Without Configuration WAN link load balance
This default failover behavior works only if the directly connected link is down, then it will fail over to the other link. However, when the link is disconnected from your ISP side to the internet and all the WAN link stay connected, the failover will failed.

To avoid this behavior, Fortigate have link monitor feature hidden in CLI mode. Fortigate link monitor will ping certain server/ip address and will modify the route if the Fortigate failed to ping the server for several retries.

Fortigate Firewall Configure Basic Failover With Link Monitor

After making sure all the WAN interfaces works, the only thing to do is to configure fortigate link monitor.
Fortigate Firewall Configure Basic Failover With Link Monitor
Fortigate Link Monitor available options and default options
The picture above shows you the available options for link monitor. For the basic failover setup, you just need to configure the srcintf and server options.
config system link-monitor
Add and configure link monitor for each ISPs.
edit WAN1
	set server 8.8.8.8
	set srcintf port1
next
edit WAN2
	set server 8.8.8.8
	set srcintf port2
end
This configuration will ping 8.8.8.8 from each interfaces, if one of the interface fail to ping 8.8.8.8 for 5 times, link monitor will remove the static route to that interface, leave the other interface as the only gateway to the internet.

Many tutorials about Fortigate Firewall failover configuration will include the static route priority configuration, but it will makes the basic load balance feature unused and on the normal time only one interface will be use as the WAN interface while the other WAN interfaces will remain standby.
Firewall Fortinet Network devices

Related Posts

    Comments

    Subscribe Our Newsletter