I needed this a year ago. I tried to use this setup to keep things simple when adding a Fortiextender, rather than using sdwan, but cookbook and support said I needed static gateways to enter in the monitor settings...guess I should have tried! Thanks!

Simple easy to follow instructions. I now have failover setup! Thanks for the help!

When they eliminated ECMP Failover in the GUI in v5.4 and called support to find out how to do this, their tech had me so confused, I stayed in v5.2 for another couple of years. I won’t even mention how they wanted me to set it up with SD-WAN. Keep up the great work! Can you do an update on how to setup site-to-site VPNs with WAN Failover.

Thank you for the Priority setting and administrative distance advice at the end of the video that was very helpful, I was trying to figure that out before seeing your video

Too true, a very simple and great approach to WAN failover. The next level up I gather is to implement SD-WAN as it gives move granularity with performance metrics, so that e.g. Voice paths traverse links with lowest latency and jitter.

Great video as usual :) thank you.

Thank you, great explanation. Subscribed.

Thanks to Mike's tutorials I've configured a pair of 80E in HA as I'm also using SD-WAN for Link monitor! But before having HA I was also using link monitor, too.

Awesome thanks

Thank you sir! Great video

Thanks!!

Awesome video, really help me out. I just have one question how does it know which route to pull ? Will it just pull any route based on the interface ?

Hi mike good video and very interest information. if i create an outside zone whit two wan interfaces. can i assign a different ip for each interface that are in the zone?

Thanks a lot

Thanks for the video, I have a failover with 3 mobile hotspot routers, I have a base GB plan at each router, so when I finished my GB the download speed is lower than 1Mbps, (still having access to internet), is there a way to shut down a wan intarface when the ISP reduces the internet speed?

Hi I have a set up where 2 100F firewalls running in a-a mode and one isp link terminate on each firewall.Please suggest how to achieve failover in case of link failure or isp failure.

Does this only work if the primary interface shows "up"? Reason for the question, could you setup wan1 and wan2 where wan1 is a metered connection, after 300Gig cost goes up, in this setup, could we pull the plug physically on wan1 and then would wan2 engage and then re-engage wan1 when the next billing cycle rolls through? This is in a rural area and there are literally only 2 options for internet (excluding satellite).

You had wan1 and wan2 in a zone, that helps with the policies, can you tell how to create the zone when the individual interfaces are already in use by policies?

HI, Great video. For the backup interface should the firewall policys be set exactly the same (of course using backup IP/interface)?

Is it possible to add already-in-use-in-policy interfaces to zones to do this after you've deployed, or would I need to assign a different interface to my policy, assign zone, reassign to policy?

Thanks for this great video sir. Question for ya--can WAN failover still be accomplished if using 2 fortigates in a high availability configuration?

Great video. Do you have any videos in regards to fortimanager and how policy packages can be simplified using zones?

you are soooooo underrated

Hello guru i have question for you about isp failover So my question is if system is connected with two isps isp 1 isp2 along with firewall attached in between switch and isps so if isp1 is down how the isp2 will automatically take the load on it without configuring like isp1 ? What that term called?

First, War Eagle! But I'm in the opposite situation. We're mostly remote and have a very reliable primary connection, so I want to remove my secondary. Our Fortigate is configured (was set up by a consultant) with failover via this method. Based on your video, I can see both the WAN1 and WAN2 monitor. What should I do to remove these and remove failover? I can see that I can disable them with the status option, but can I delete them?

Great video, thank you! I had a question tho, it seems that unless I change the AD of the interfaces so that the backup is higher, then both default routes are in the routing table (although showing the configured priority). If I change the AD then the secondary connection only enters the routing table when the monitor goes down. Is it ok to have both default routes in the table in different priorities?

I'm new to fortigate. But I wanted to know how to change the settings for failover. {Scenario: WAN 1 ISP is being taking out and we want WAN 2 to be the primary link. However, we want to configure the failover so that WAN 2 is primary and WAN 1 is the failover only if WAN 2 go down. I want to test it and make sure it's working before cutting off the current ISP WAN 1 link. So when we bring in another ISP it will be easier to configure the failover. Is this something easy to do.

What happens if you configure 2 link monitors for the same interface for example "8.8.8. 8" and "1.1.1. 1" and "8.8.8. 8" is down but "1.1.1. 1" is still up? Does the fortigate switch to the secondary interface or because "1.1.1. 1" is still up dosent switch? Thank you great video!

Mike, you configured live monitor only for wan1, what about wan2, do you have to do it?

Hi Guru, I am using fortigate and I have 2 wan connections,(WAN1 and when i configure " config sys link-monitor" and when i configure set srcintf wan2 it is giving me error "value parse error before 'WAN2' " . I can not see wan2/wan1 when i ? after set srcintf ....why is that?

is this the correct path to make it work 2 wan at the same time? I have created a list of addresses on fortigate, created a group where i Put all, then I've created the policy to make all this group go out with wan 2, the others will go on wan 1. I 've made another ipv4 policy under with all all and the wan1 but it doesn't work, what am I doing wrong?

Can you please send me a configuration running 2 ISP with web server configuration. Thanks in advance.

You can also use the link-monitor to monitor sites (from the point of view of the remote site) using SNMP you can view Latency Jitter etc config system link-monitor edit "Outlook_HTTP" set server "outlook.com" set protocol http set interval 10 set update-cascade-interface disable set update-static-route disable next edit "TER-INET_Ping" set server "8.8.8.8" "1.0.0.1" set update-cascade-interface disable set update-static-route disable next edit "DC6_Ping" set server "internal.fqdn.local" set source-ip 10.1.0.1 set interval 10 set update-cascade-interface disable set update-static-route disable next

You are damn good 😊

So this steps can also be done on Fortigate F60 right?

You mention using Zones for the outside interfaces, why not use SDWAN? Finally getting round to sorting out our firewalls, its a mess :( Two external interfaces one with a /24 and the other /30. I am wondering how traffic will behave when it has come in via the backup connection(will have to get the ISPs to do BGP). We have lots of public services which have the public IPs from the primary WAN but not the WAN2. Can traffic pass from WAN2 to WAN1? Or will zoning sort this out with one IP scope for the zone rather than individual interfaces having IPs. Its a live system 24/7 so cant play too much.

We have an ip block /24 and you mention setting up BGP as a preference. Why is this? (If its a stupid question feel free to slap me down). We have two connections a 10GB (whoop whoop) and 1GB and currently both set to static and going to use AD to pump everything out the 10GB. I was looking at your suggestion of link monitor till you mentioned BGP. We have statics also set for our internal. All our servers have IPs on the /24 external range (NAT of course). Note: Our 1gb backup connection is using a /30.

You mentioned that we should not install 6.4 - I recently received an RMA, and the tech recommended 6.4 (I was previously running 6.0). Is 6.4 stable yet? The tech claimed it was more stable than 6.2?

Followed your guide. ITs working as you describe, but what happens when your primary link gets back online again ? My setup just remained on the secondary as primary was back online. Please advise

hi,, i am private person. is there a fortinet product you can recomend that i can use for my 2 isp ? there are only 4 computer max with ethernet and a number of mobile devices via wifi. ofc this should not be an business solution - only provide a redundant internet connection #sendhelpPLZ :-) thanks

Ok! Geesh! 2:44 =)

Great - Fortinet Wan Fail Over Demistified

So where is the part where you fail over to WAN 2?

All code you get is GA unless youre on special build code.

you are probably better off pinging your isp dns server

It's so annoying when you know so much about this that you seem bored telling us. I usually take it as a sign the presenter knows what he is talking about.