Technical Tip: Redundant Internet connection without load-balance.
This article shows how to configure multiple Internet connections without load-balance.
This example assumes that both Internet connections are configured with static IP addresses and that there are two default routes configured as static routes. The secondary WAN link is a standby link and takes over when the primary WAN link goes down.
wan1: 10.5.21.50
wan2: 10.5.53.50
Set the IP addresses under System -> Network -> Interfaces:
The following CLI commands set the IP addresses of the WAN interfaces:
# config system interface
    edit "wan1"
        set vdom "root"
        set ip 10.5.21.50 255.255.240.0
        set allowaccess ping https
        set type physical
    next
    edit "wan2"
        set vdom "root"
        set ip 10.5.53.50 255.255.240.0
        set allowaccess ping https
        set type physical
end
Create two default routes:
For redundant Internet connections, both default static routes have to be active in the routing table. To achieve this, set the same distance on both routes.
If wan1 is to be the primary link (the active link), set the lowest priority value on that link and the highest priority value on the other WAN interface.
When there are multiple routes to the same destination with the same distance, the priority is checked, and the route with the lowest priority value is preferred.
Example: wan1 has a distance of 10 and a priority of 0. wan2 has a distance of 10 and a priority of 10.
Here wan1 is the selected route, as it has the lowest priority value compared to wan2, so all traffic is handled by wan1. If wan1 goes down, the traffic shifts to wan2.
To configure these routes in the GUI, go to Network -> Static Routes and create two default routes:
Set up the Health Link Monitor and configure ping servers (CLI Only):
The following will ping a server of your choice, and if it stops receiving replies at the set rate, it will pull the static route from the routing table and the secondary connection will be used.
# config system link-monitor
    edit Wan1Failover
        set srcintf port1    <--- Specify the port used for the WAN1 link
        set server 184.108.40.206
        set protocol ping
        set gateway-ip 10.5.31.254
        set source-ip 0.0.0.0
        set interval 5
        set timeout 1
        set failtime 5
        set recoverytime 5
        set ha-priority 1
        set update-cascade-interface enable
        set update-static-route enable
        set status enable
    next
    edit Wan2Failover
        set srcintf port2    <--- Specify the port used for the WAN2 link
        set server 220.127.116.11
        set protocol ping
        set gateway-ip 10.5.63.254
        set source-ip 0.0.0.0
        set interval 5
        set timeout 1
        set failtime 5
        set recoverytime 5
        set ha-priority 1
        set update-cascade-interface enable
        set update-static-route enable
        set status enable
end
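The following Python sketch is an added example, not Fortinet code. It models how the route selection rule above (same distance, lowest priority value wins) interacts with the link monitor's failtime and recoverytime counters. The class and function names are hypothetical, the probe sequence is constructed, and the model assumes failtime and recoverytime count consecutive lost and answered probes.

```python
from dataclasses import dataclass

@dataclass
class Route:
    dev: str
    distance: int
    priority: int
    installed: bool = True  # cleared when the link monitor declares the link down

@dataclass
class LinkMonitor:
    route: Route
    failtime: int = 5       # consecutive lost probes before the link is declared down
    recoverytime: int = 5   # consecutive replies before it is declared up again
    fails: int = 0
    oks: int = 0

    def probe(self, replied: bool) -> None:
        if replied:
            self.oks, self.fails = self.oks + 1, 0
            if not self.route.installed and self.oks >= self.recoverytime:
                self.route.installed = True    # static route restored
        else:
            self.fails, self.oks = self.fails + 1, 0
            if self.route.installed and self.fails >= self.failtime:
                self.route.installed = False   # effect of update-static-route enable

def active_route(routes):
    """Lowest distance wins; among equal distances, lowest priority value wins."""
    up = [r for r in routes if r.installed]
    return min(up, key=lambda r: (r.distance, r.priority)).dev if up else None

def simulate(wan1_replies):
    """Replay a constructed sequence of wan1 probe results; wan2 always replies."""
    wan1, wan2 = Route("wan1", 10, 0), Route("wan2", 10, 10)
    m1, m2 = LinkMonitor(wan1), LinkMonitor(wan2)
    timeline = []
    for replied in wan1_replies:
        m1.probe(replied)
        m2.probe(True)
        timeline.append(active_route([wan1, wan2]))
    return timeline

if __name__ == "__main__":
    # Constructed input: 2 replies, 5 losses (outage), 3 replies, 1 loss (flap), 5 replies
    seq = [True] * 2 + [False] * 5 + [True] * 3 + [False] + [True] * 5
    for i, dev in enumerate(simulate(seq), 1):
        print(f"probe {i:2d}: traffic via {dev}")
```

In this model, traffic stays on wan1 through the first four lost probes and moves to wan2 only on the fifth. A single lost probe during recovery resets the counter, so wan1 is not restored until five replies arrive in a row.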
When the wan1 link goes down, verify the system event logs in the FortiGate GUI under Log and Reports -> System Event:
Log: static route is removed Route (10.5.21.50 18.104.22.168 ping-down)
The above log means that the static route of wan1 was removed because the health check failed.