Configuring System Link Monitor and redundancy (FortiGate 30E 3G/4G)
Navigate to Network > Routing
Edit the routes for WAN (Primary) and WWAN (Backup).
For the primary connection, set the administrative distance to 10 and the priority to 0.
For the backup connection, set the administrative distance to 15 and the priority to 15.
Connect to the FortiGate CLI and enter these commands:
For Primary Connection [ Unifi/Streamyx ]
config system link-monitor
    edit WanFailOver
        set srcintf wan
        set server 8.8.8.8
        set update-cascade-interface disable
        set update-static-route enable
end
For Backup Connection [ 3g/4g ]
config system link-monitor
    edit WWanFailOver
        set srcintf wwan
        set server 8.8.8.8
        set update-cascade-interface disable
        set update-static-route enable
end
Verify the settings:
show full-configuration system link-monitor
Next, navigate to the FortiGate GUI:
Monitor > Wan Link Monitor.
There are 2 active connections, each shown with active sessions and upload/download.
Both connections continuously ping the server we set, which is 8.8.8.8 (we can also add multiple servers).
Navigate to Log&Report > System Events.
Verify that the link monitor is working properly: disconnect the primary WAN connection. The backup connection should take over.
Thank You.
Reference and additional notes:
system link-monitor
Use this command to add link health monitors that are used to determine the health of an interface. Link health monitors can also be used for FGCP HA remote link monitoring.
srcintf <interface>
The name of the interface to add the link health monitor to. (WAN / WWAN / WAN1 / WAN2)
server <address> [<address>…]
One or more IP addresses of the servers to be monitored. If the link health monitor cannot connect to all of the servers, remote IP monitoring considers the link to be down. You can add multiple IP addresses to a single link monitor to monitor more than one IP address from a single interface. If you add multiple IP addresses, the health checking will be with all of the addresses at the same time. The link monitor only fails when no responses are received from all of the addresses.
protocol {ping | tcp-echo | udp-echo | http | twamp}
One or more protocols to be used to test the link. The default is ping.
gateway-ip <address>
The IP address of the remote gateway that the link monitor must communicate with to contact the server. Only required if there is no other route for this communication.
source-ip <address>
Optionally add a source address for the monitoring packets. Normally the source address is the address of the source interface. You can add a different source address if required.
interval <interval>
The time between sending link health check packets. Default is 5 seconds. Range is 1 to 3600 seconds.
timeout <timeout>
The time to wait before receiving a response from the server. Default is 1 second. Range is 1 to 255 seconds.
failtime <failover-threshold>
The number of times that a health check can fail before a failure is detected (the failover threshold). Default is 5. Range is 1 to 10.
recoverytime <recovery-threshold>
The number of times that a health check must succeed after a failure is detected to verify that the server is back up. Default is 5. Range is 1 to 10.
ha-priority <priority>
The priority of this link health monitor when the link health monitor is part of an FGCP remote link monitor configuration. Default is 1. Range is 1 to 50.
update-cascade-interface {disable | enable}
Enable to bring down the source interface if the link health monitor fails. Disable to keep the interface up if the link health monitor fails. Default is enable.
update-static-route {disable | enable}
Enable to remove static routes from the routing table that use this interface if the link monitor fails. Default is enable.
status {disable | enable}
Enable or disable this link health monitor. Default is enable.
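Added example (not Fortinet code and not part of the original post): a small Python model of how the interval, failtime, recoverytime and multi-server rules above decide when the primary route (distance 10) gives way to the backup (distance 15). It assumes failed checks must be consecutive to count, and 1.1.1.1 is a hypothetical second server; all probe rounds are constructed sample data.

```python
from dataclasses import dataclass

@dataclass
class LinkMonitor:
    """Model of one link-monitor entry; defaults are those in the reference notes."""
    interval: int = 5       # seconds between health checks
    failtime: int = 5       # failed checks before the link is declared down
    recoverytime: int = 5   # successful checks before it is declared up again
    up: bool = True
    fails: int = 0
    oks: int = 0

    def check(self, replies):
        """Feed one check round. replies maps server address -> answered (bool)."""
        if any(replies.values()):       # a round fails only if no server answered
            self.fails, self.oks = 0, self.oks + 1
            if not self.up and self.oks >= self.recoverytime:
                self.up = True
        else:
            self.oks, self.fails = 0, self.fails + 1
            if self.up and self.fails >= self.failtime:
                self.up = False
        return self.up

    def detection_estimate(self):
        """Rough seconds from outage to failover (ignores the probe timeout)."""
        return self.interval * self.failtime

def active_route(wan_up, wwan_up):
    """Interface carrying traffic, given the distances used on this page.
    update-static-route enable removes a failed monitor's static route."""
    routes = [(d, i) for d, i, ok in ((10, "wan", wan_up), (15, "wwan", wwan_up)) if ok]
    return min(routes)[1] if routes else None

def simulate(rounds, **settings):
    """Return the monitor's state after each constructed check round."""
    mon = LinkMonitor(**settings)
    return [mon.check(r) for r in rounds]

# Constructed sample rounds; 1.1.1.1 is a hypothetical second server.
DOWN = {"8.8.8.8": False, "1.1.1.1": False}
PARTIAL = {"8.8.8.8": False, "1.1.1.1": True}
OK = {"8.8.8.8": True, "1.1.1.1": True}

if __name__ == "__main__":
    states = simulate([DOWN] * 5 + [OK] * 5)
    for n, s in enumerate(states, 1):
        print(n, "up" if s else "down", "->", active_route(s, True))
```

With a single monitored server, as in the configuration above, every round in which that one server does not answer counts as a failure, so adding a second server reduces failovers caused by the probe target rather than by the link.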