FortiGate
Article Id 193315


Description: Use this checklist to troubleshoot the configuration of redundant interfaces.
Components: FortiGate v2.80 Firewalls
Checklist

This checklist consists of 4 steps:

1) Set the distance of the main interface to 10 in the routing table if it is a static interface, or set it on the interface itself if it is a DHCP or PPPoE interface.

2) Set the distance of the second interface to 11 in the routing table if it is a static interface, or set it on the interface itself if it is a DHCP or PPPoE interface.

3) On both interfaces, set the ping server to be a router AT THE ISP. The gateway address from your ISP will work for this.

4) Configure policies from internal to both external interfaces.

 

To test this configuration:

1) Unplug the main interface. Approximately 25 seconds later (by default), it should fail over to the second interface.

2) Send trace routes to the Internet and watch the hops for the correct path.

 

When the main connection comes back up, the unit will NOT automatically fail back over to that connection. To fail back, you have two options:

- Unplug the second interface and let the FortiGate unit fail over normally to the main interface. Then plug the second interface back in.

Or:

- Log in to the web-based GUI manager and bring down the second interface (on the System -> Network screen) and let the FortiGate fail over to the main interface. Once it has switched back, bring up the second interface again.
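
The trace route check in test step 2, and the same check after a fail back, can be scripted. The following is an added example, not part of the original article or any Fortinet tooling: it reads traceroute or tracert output and reports which uplink's ISP gateway is in the path. The gateway addresses and sample outputs are constructed assumptions.

```python
import re

# Assumed, constructed ISP gateway addresses for the two external interfaces
# (the same routers used as ping servers in step 3 of the checklist).
GATEWAYS = {"main": "192.0.2.1", "second": "198.51.100.1"}

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")            # "<hop number> <rest>"
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")   # dotted-quad IPv4

def parse_hops(text):
    """Map hop number -> responding IPs, for Unix traceroute or Windows tracert."""
    hops = {}
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:  # header and blank lines do not start with a hop number
            hops[int(m.group(1))] = list(dict.fromkeys(IP_RE.findall(m.group(2))))
    return hops

def active_uplink(text, gateways=GATEWAYS):
    """Return the uplink whose ISP gateway appears earliest in the path.

    None means neither gateway answered (probes dropped or both links down).
    """
    by_ip = {ip: name for name, ip in gateways.items()}
    for _, ips in sorted(parse_hops(text).items()):
        for ip in ips:
            if ip in by_ip:
                return by_ip[ip]
    return None

# Constructed sample output: before unplugging the main interface (Unix format)
BEFORE = """traceroute to 203.0.113.10 (203.0.113.10), 30 hops max, 60 byte packets
 1  192.168.1.99 (192.168.1.99)  0.412 ms  0.398 ms  0.377 ms
 2  192.0.2.1 (192.0.2.1)  4.820 ms  4.911 ms  5.002 ms
 3  203.0.113.10 (203.0.113.10)  9.113 ms  9.200 ms  9.187 ms
"""
# Constructed sample output: after failover (Windows tracert format)
AFTER = """Tracing route to 203.0.113.10 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.1.99
  2     6 ms     6 ms     7 ms  198.51.100.1
  3    12 ms    11 ms    12 ms  203.0.113.10
"""

if __name__ == "__main__":
    print("before unplug:", active_uplink(BEFORE))
    print("after failover:", active_uplink(AFTER))
```

If the result is still "second" after the main connection has been restored, that matches the behaviour described above: the unit does not fail back on its own.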

 

 
