Technical Tip: Redundant Internet connection without load-balance.
Description
This article shows how to configure multiple Internet connections without load balancing.
Solution
This example assumes that both Internet connections are configured with static IP addresses and that there are two default routes configured as static routes. The secondary WAN link is a standby link and takes over once the primary WAN link goes down.

wan1: 10.5.21.50
wan2: 10.5.53.50

Set the IP addresses under System -> Network -> Interfaces:





Use the following CLI commands to set the IP addresses of the WAN interfaces:

# config system interface
    edit "wan1"
        set vdom "root"
        set ip 10.5.21.50 255.255.240.0
        set allowaccess ping https
        set type physical
    next
    edit "wan2"
        set vdom "root"
        set ip 10.5.53.50 255.255.240.0
        set allowaccess ping https
        set type physical
end

Create two default routes:

For redundant Internet connections, both default static routes must be active in the routing table.
To achieve this, set the same distance on both routes.

If wan1 is to be the primary (active) link, set the lowest priority value on that link
and a higher priority value on the other WAN interface.

When there are multiple routes to the same destination with the same distance, the priority is checked,
and the route with the lowest priority value is preferred.


Example:
wan1 has a distance of 10 and a priority of 0.
wan2 has a distance of 10 and a priority of 10.

Here wan1 is the selected route, as it has the lowest priority value compared to wan2.
All traffic is therefore handled by wan1. If wan1 goes down, the traffic shifts to wan2.

To configure these routes in the GUI, go to Network -> Static Routes and create two default routes:








Set up the Health Link Monitor and configure ping servers (CLI Only):

The following configuration pings a server of your choice; if it stops receiving replies at the set rate, the static route is pulled from the routing table and the secondary connection is used.


# config system link-monitor
    edit Wan1Failover
        set srcintf port1                    <--- Specify the port used for the WAN1 link
        set server 8.8.8.8
        set protocol ping
        set gateway-ip 10.5.31.254
        set source-ip 0.0.0.0
        set interval 5
        set timeout 1
        set failtime 5
        set recoverytime 5
        set ha-priority 1
        set update-cascade-interface enable
        set update-static-route enable
        set status enable
    next
    edit Wan2Failover
        set srcintf port2                    <--- Specify the port used for the WAN2 link
        set server 4.2.2.2
        set protocol ping
        set gateway-ip 10.5.63.254
        set source-ip 0.0.0.0
        set interval 5
        set timeout 1
        set failtime 5
        set recoverytime 5
        set ha-priority 1
        set update-cascade-interface enable
        set update-static-route enable
        set status enable
end

When the wan1 link goes down, navigate to the system event logs as shown below and verify the log entries:
FortiGate GUI -> Log and Reports -> System Event

Log: static route is removed Route  (10.5.21.50  8.8.8.8 ping-down)

The above log means that the static route of wan1 was removed as the health check failed.
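
The following Python model is an added example, not part of the original article and not FortiOS code. It replays the route selection (distance, then priority) and the link-monitor settings above (interval 5, failtime 5, recoverytime 5) to show when the default route moves to wan2 and back. Assumptions: interval is in seconds, failtime and recoverytime count consecutive probes, wan2 stays healthy, and the interface names wan1/wan2 stand in for the srcintf ports.

```python
from dataclasses import dataclass

@dataclass
class Route:
    device: str
    distance: int
    priority: int

class LinkMonitor:
    """Simplified model of one link-monitor entry (assumed behaviour, not FortiOS code)."""
    def __init__(self, failtime=5, recoverytime=5, interval=5):
        self.failtime, self.recoverytime, self.interval = failtime, recoverytime, interval
        self.alive = True
        self.streak = 0  # consecutive probes that contradict the current state

    def probe(self, reply_received):
        """Record one ping result and return whether the link counts as alive."""
        if reply_received == self.alive:
            self.streak = 0
            return self.alive
        self.streak += 1
        if self.streak >= (self.failtime if self.alive else self.recoverytime):
            self.alive, self.streak = not self.alive, 0
        return self.alive

def best_route(routes, monitors):
    """Drop routes whose monitor is down, then prefer lowest distance, then lowest priority value."""
    installed = [r for r in routes if monitors[r.device].alive]
    return min(installed, key=lambda r: (r.distance, r.priority), default=None)

def simulate(wan1_replies):
    """Return (seconds elapsed, device carrying default traffic) after each wan1 probe."""
    routes = [Route("wan1", 10, 0), Route("wan2", 10, 10)]  # values from the article
    monitors = {"wan1": LinkMonitor(), "wan2": LinkMonitor()}  # wan2 assumed healthy
    timeline = []
    for n, ok in enumerate(wan1_replies, start=1):
        monitors["wan1"].probe(ok)
        active = best_route(routes, monitors)
        timeline.append((n * monitors["wan1"].interval, active.device))
    return timeline

# Constructed probe results for wan1: 4 losses then a reply (no failover),
# 5 straight losses (failover to wan2), then 5 replies (fail-back to wan1).
SAMPLE = [False] * 4 + [True] + [False] * 5 + [True] * 5

if __name__ == "__main__":
    for seconds, device in simulate(SAMPLE):
        print(f"t={seconds:>3}s  default route via {device}")
```

With these settings a short burst of lost pings does not move traffic; only the fifth consecutive loss withdraws the wan1 route, and wan1 takes over again only after five consecutive replies.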


Related Articles
Technical Note: Configuring link redundancy - Traffic load-balancing / load-sharing - ECMP (Equal Cost Multiple Path) - Dual Internet or WAN scenario
Last Modified Date: 08-07-2019 Document ID: FD36151