Solved

Fortigate 200B Failover connection

Posted on 2010-11-23
6
2,784 Views
Last Modified: 2012-05-10
Hi. we're having an issue setting up failover connection for fortigate 200B firewall.

Currently we have 2 broadband connections which are connected to fortigate and we'd like to use our primary connection but if it fails, then fortigate would automatically switch to secondary connection. Problem is that even we have set correct priorities for connection, Fortigate uses automatically wrong connection as primary (dsl line with lower capacity) if both lines are connected.
0
Comment
Question by:wractale
  • 3
  • 3
6 Comments
 
LVL 4

Expert Comment

by:iworks-uworks
ID: 34205413
What firmware version are you running? Which connection do you have in each port? How do have the fail over setup?
0
 
LVL 2

Author Comment

by:wractale
ID: 34205480
Firmware: v4.0,build0291,100824 (MR2 Patch 2)

Currently main connection (fibre broadband) is connected to port 14
and ADSL (failover) is connected to port 9

We have 2 static routes, one for primary connection and one for secondary, primary has lower priority than secondary.

Is that right way to do failover for fortigate or?
0
 
LVL 4

Accepted Solution

by:
iworks-uworks earned 500 total points
ID: 34205758
Does your setup include the settings in both of these screen shots? What are you using on your WAN1 and WAN2 ports?
Failover1.PNG
Failover2.PNG
0
Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

 
LVL 2

Author Comment

by:wractale
ID: 34205844
Currently detect interface status for gateway isn't enabled. Should that be enabled for only primary connection?

Currently if we add both connections to forti, primary and secondary, it'll use secondary as default even if priority of its static route is larger.

Thanks.
0
 
LVL 4

Expert Comment

by:iworks-uworks
ID: 34206066
That is strange. Do you have anything using your WAN1 and WAN2? I've never tried a failover using other ports (while for most things it doesn't matter what ports you use), but are you able to change your main connection port to something lower than 9 to see if that is making a difference?

As for detecting the interface status, yes, check that box and maybe that will make the difference.
Make sure your ping server is reliable like a gateway IP.
0
 
LVL 2

Author Comment

by:wractale
ID: 34215391
Adding that detect interface status seemed to do it! Thanks!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Choice of router 8 32
Standard Naming Convention Policy - Servers, Routers, Switches, Firewalls 3 63
Cisco Edge Routers for BGP 6 52
Router question 5 41
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question