Avatar of heze54
heze54
Flag for Spain asked on

Fortigate 110c Dead Gateway check

Hi,

I´ve 2 fortigate 100c running in HA mode (cluster) and 2 1921 cisco routers connected to them to give Internet.

In the cluster config Router->Static->Setting->  is a Dead gateway detection zone. The cluster has wan 1 wan2 an local1 to lan.

Wan 1 is checking cisco router 1st
Wan 2 is checking internet is up

Wan2 is a backup line

2 days ago, our IPS crashed and although the cisco router 1st was up, was not internet connection and, ofcourse, the  routes did not change to wan 2.

My question, how to check  1st router and internet bouth through wan1 and.. if a failuer change to wan2 ?

any idea?
RoutersHardware FirewallsNetworking

Avatar of undefined
Last Comment
myramu

8/22/2022 - Mon
Skyler Kincaid

Do you maintain the support for your Fortinet devices? I know it doesn't answer your question but the support for these firewalls is key and doesn't cost that much.
Garry Glendown

Not exactly on the dead gateway detecting route, but have you thought about using OSPF to receive routes from the routers? That way, if one router goes down, you'll automatically lose the routes through it and go through the other ...
heze54

ASKER
HI,

I was thinking about that OSPF but I can not manage those routers, only my ISP.

any more ideas?
Your help has saved me hundreds of hours of internet surfing.
fblack61
heze54

ASKER
Hi,
As far as I  know, maybe incorrect, I can only use once a port to configure Dead Gateway, is this correct?

For example, wan1 can only be configured to ping  one machine. Is impossible to configure  wan 1 to stablish a condition to ping 2 machines at same time and, if both are off, change the route.

Any idea?
ASKER CERTIFIED SOLUTION
myramu

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Garry Glendown

Actually, this could be done on Cisco routers with a combination of IP SLA and EEM scripts ... but as they are only provided by the ISPs, I reckon this will not be an option ...
heze54

ASKER
A++
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
myramu

Thank you!