© 2025 Junovan Fantin

[FortiGate] Bring other interfaces down when link monitor fails

16 16.1 17 17.1 ACI BIG-IP BIGIP Certificado Cisco Debian DNS Docker EasyRSA F5 FortiGate IKE IPSec Linux LTM MikroTik Netflow Netmiko NSX OpenSSL OpenVPN Paramiko PyODBC Python Requisitos Hardware RouterOS RSTP Script ShellScript SolarWinds Spanning Tree Sprints SSL STP Ubuntu Upgrade VMWARE VPN VXLAN Windows Ágil

Latest Comments

junovan - 9 outubro 2019 - 15:16

Products

FortiGate v5.4
FortiGate v5.6
FortiGate v6.0

Description This article describes how link monitor can disable other interface(s) when the gateway detect (link Monitor) fails and bring them up when gateway detect (link Monitor) succeeds.
Solution In this example, when wan1 gateway detection (link monitor) fails, interface port3 will be disabled.

– Wan1 is the ISP link.
– Port3 is independent interface (LAN or DMZ)

The objective is:

   -When wan1 is down or the ping server is not reachable, the default route is removed and port3 will be DOWN.
   -When wan1 comes up and the ping server is reachable, the default route is installed and port3 will be UP.

Static route (default route):#show router static
config router static
    edit 1
       set gateway 192.168.1.1
       set device “wan1”
    next
    edit 2
       set gateway 192.168.2.1
       set device “wan2”
    next
end

Link-monitor (gateway detect):
config system link-monitor
    edit “wan1-ping-server”
        set srcintf “wan1”
        set server “8.8.8.8”
        set update-cascade-interface enable         < — Update cascade interface enable
        set update-static-route enable              < — Update static route enable
    next
endWAN1 interface configuration:config system interface
   edit “wan1”
       set vdom “root”
       set ip 192.168.1.254 255.255.255.0
       set allowaccess ping https ssh
       set fail-detect enable                           < — Enable fail detect
       set fail-detect-option detectserver link-down    < — Detectserver as link-down
       set fail-alert-method link-down                  < — Fail alert method Link-down
       set fail-alert-interfaces “port3”                < — Independent interface port3
       set type physicalset role wan
       set snmp-index 1
    next
end
The System Events can be monitored-When link-monitor detects link failure,
      •    Link Monitor initial state is failed, protocol: ping
      •    Static route on interface wan1 can be removed by link-monitor wan1-ping-server. Route: (192.168.1.254->8.8.8.8 ping-down)
      •    Link monitor: Interface port3 is turned down   -When link-monitor detects link is OK.
      •    Link Monitor initial state is OK, protocol: ping
      •    Static route on interface wan1 can be added by link-monitor wan1-ping-server. Route: (192.168.1.254->8.8.8.8 ping-up)
      •    Link monitor: Interface port3 is turned up

Routes and Interface status can be monitored during link Down and Up status as follows:

   -To check all active routes:

# get router info routing-table all

   -To view the physical interface status:# get sys interface physical

Fonte: https://kb.fortinet.com/kb/documentLink.do?externalID=FD44679

CATEGORIES:

Network

Tags:

No tags
Previous
Next

Comments are closed

© 2025 Junovan Fantin – Todos os direitos reservados.