Fortigate 200B Failover connection

Hi. We're having an issue setting up a failover connection for a Fortigate 200B firewall.

Currently we have 2 broadband connections which are connected to the Fortigate, and we'd like to use our primary connection, but if it fails, the Fortigate would automatically switch to the secondary connection. The problem is that even though we have set the correct priorities for the connections, the Fortigate automatically uses the wrong connection as primary (the DSL line with lower capacity) if both lines are connected.
wractale Asked:
 
iworks-uworks Commented:
Does your setup include the settings in both of these screen shots? What are you using on your WAN1 and WAN2 ports?
Failover1.PNG
Failover2.PNG
 
iworks-uworks Commented:
What firmware version are you running? Which connection do you have in each port? How do you have the failover set up?
 
wractale (Author) Commented:
Firmware: v4.0,build0291,100824 (MR2 Patch 2)

Currently the main connection (fibre broadband) is connected to port 14
and the ADSL (failover) is connected to port 9.

We have 2 static routes, one for the primary connection and one for the secondary; the primary has a lower priority than the secondary.

Is that the right way to do failover on a Fortigate?
 
wractale (Author) Commented:
Currently, detect interface status for the gateway isn't enabled. Should that be enabled for only the primary connection?

Currently, if we add both connections to the Forti, primary and secondary, it'll use the secondary as default even if the priority of its static route is larger.

Thanks.
 
iworks-uworks Commented:
That is strange. Do you have anything using your WAN1 and WAN2? I've never tried a failover using other ports (while for most things it doesn't matter what ports you use), but are you able to change your main connection port to something lower than 9 to see if that is making a difference?

As for detecting the interface status, yes, check that box and maybe that will make the difference.
Make sure your ping server is reliable, like a gateway IP.
 
wractale (Author) Commented:
Adding that detect interface status seemed to do it! Thanks!
Question has a verified solution.
