Fortigate failover gui 53. 1 High availability Manual and automatic HA virtual MAC address assignment GUI. I’m setting this up in EVE-NG and here’s what my lab looks like; Note: Im using TWO connections for Heartbeat/Failover, you can simply use one if you prefer. ECMP is a mechanism that allows multiple ro config system interface edit port23 config ipv6 config vrrp6 edit 223 set vrdst 2001:db8:1::12 next end end next end IPv4 VRRP active failover. Details are mentioned with an example. Related articles: Technical Tip: FortiGate VRRP configuration and debug; Technical Tip: VRRP - Active failover with VRDST with Sep 13, 2021 · During failover to the secondary unit: Many services are down. May 6, 2011 · Link failover means that if a monitored interface fails, the FortiGate-7000 cluster reorganizes to reestablish a link to the network that the monitored interface was connected to and to continue operating with minimal or no disruption of network traffic. Use the following procedures to configure the FortiManager units for HA operation from the FortiManager unit GUI. For example, a 10 GB interface can be less than half the cost of a 20 GB interface. 0 set source-ip 0. 0 set device wan1 set gateway <gateway_address> set distance 10 next edit 2 set dst 0. This article describes how to set up an ISP Failover using static routing and link-health monitor: Scope: FortiGate V7. Jul 13, 2020 · This article describes how to perform FortiGate HA failover via the FortiManager 'promote' option. Sep 21, 2021 · Hello, I’m hoping someone with experience can help with this. Static route will be automatically installed in the routing failover status: set <----- Need to be disabled. In this example, the detection server IP address is 208. Redirecting to /document/fortigate-7000/6. Oct 27, 2023 · The situation you’re describing is a classic link failover and fallback scenario, where the failover works but the fallback doesn’t. Flapping can indeed be disruptive. . In FortiGate HA one device will act as a primary device (also called Active FortiGate). If the FortiGate detects that the outgoing interface has been brought down for some reason (e. FG200F replacing Pfsense that fried. 50 via the wan1 interface. Solution: Topology: In this example: The architecture of the FortiGate HA is the HA Active Passive SDN connector. The cluster does not renegotiate. Scope AZURE Deployed FortiGate in HA with AZURE SDN configured as external connectors. execute ha failover set <cluster_id> execute ha failover unset <cluster_id> In this example, the detection server IP address is 208. Ensure you have administrative privileges to configure HA settings. Do you want to continue? (y/n)y To view the failover status: # execute ha failover status failover status: set To view the system status of a device in forced HA failover: If the primary WAN interface of a FortiGate is down due to physical link issues, the FortiGate will remove routes to it and the secondary WAN routes will become active. The value can be set from 0 to 300. But you can also use the "pingserver" options associated to the "gwdetect" configuration to trigger a failover if some ping to a target destination are lost. Thanks. To select the 'promote' option from GUI: Go to Device Manager, and select the 'HA device' on the left panel, which will open System: Dashboard. Set the Mode to “Active-Passive” or “Active-Active,” depending on your Testing failover. The criteria include the number of operationally UP Monitored interfaces, HA uptime, priority, and serial number of the devices. Keep the pingserver-failover-threshold set to the default value of 5. 109. You can do this by physically disconnecting the Ethernet cable connected to WAN1. How to unset the flag safely without causing an additional failover if it is not desired. 50" <- The server that is probed via WAN1 interface. It doesn't show it at the place you're trying to see because the secondary HA config is supposed to be almost identical with the primary. 0 set device wan2 set gateway <gateway_address> set distance 20 next end Jan 9, 2025 · This article describes the criteria for selecting the primary unit in a FortiGate High Availability (HA) cluster, depending on whether the override feature is enabled or disabled. Unset it by running the following command: # execute ha failover unset 1 . Jun 2, 2010 · Link failover (port monitoring or interface monitoring) Link failover means that if a monitored interface fails, the FortiGate-7000F cluster reorganizes to reestablish a link to the network that the monitored interface was connected to and to continue operating with minimal or no disruption of network traffic. The total link monitor HA priority should be equal/Higher than the failover threshold, causing a failover. Recommended Failover Methods for Virtual Clusters: Change the device priority on the selected cluster, as shown above. In this example, the FortiGate has several routes to 23. I’m out of ideas. When i try to test if link failover is happening by administratively taking down a monitored interface like port1 on the primary fortigate, the odd thing is that the failover doesnt happen and also the port1 that I took down on the primary gets also automatically taking down on the secondary and causes a complete denial of service it s The main issue I have now is that when the firewalls failover, the whole switching layer goes into chaos for a few minutes or longer. Do you want to continue? (y/n)y To view the failover status: # execute ha failover status failover status: set To view the system status of a device in forced HA failover: Aug 13, 2024 · This article describes how to build a failover tunnel on the secondary WAN. Active device synchronises its configuration with another device in the group. SD-WAN Zone = Internet. I am thinking of setting up SD-WAN, but using the SD-WAN interface only for site to site traffic (VPN tunnels). This is essential for traffic management and failover. Solution Keeping in mind how the FGCP election process works and is described: Primary unit selection with override disabled (default) , there may be cases where it's necessary to collect the details to troubleshoot some expected or unexpected cluster transitions. 0 and above. 8. 88. Solution This article will use the following scenario as an example There are 2 service providers (ISP_1 and ISP_2) who provide internet service over BGP peers. Solution: FortiGate-7000 devices support High availability in Active-Passive mode with only two devices. Depending on the HA configuration, changing the priority or resetting the HA uptime triggers a failover. Scope: FortiGate Cloud HA A-P. A certain segment/interface is not working. Normally, the internal interface that connects to the internal network, and an outgoing interface for traffic to the internet or outside the network, should be monitored. Fortinet suggests the following practices related to interface monitoring (also called port monitoring): Wait until a cluster is up and running and all interfaces are connected before enabling interface Feb 12, 2018 · Enabling VDOM partitioning causes a configuration changes (which need time to synchronise), Failing over Fortigate HA using the GUI VDOM partitioning within short periods of time might cause 'unexpected' behaviour. During failover, the secondary IP addresses, which are configured for port1 and port2 on the primary unit, move to the secondary unit. Solution Case Scenario Prior to Failovera. Scope. The command 'diag sys ha reset-uptime' is d A device failover takes place, where the primary unit fails due to a device failure. Aug 15, 2023 · Select 'Interface members' and another menu will pop up. The device will stay in a failover state (secondary) regardless of the conditions. Solution: For optimal dual WAN setup on FortiGate, follow these detailed instructions: Configure Static Default Routes: Create a static default route for each WAN interface. From the FortiGate perspective, FortiGate only processes the traffic as it is received. end. 91. Select OK. If a monitored interface on a subordinate unit fails. ScopeAll FortiGate firmware. be/2 Jul 5, 2023 · First Step Login to your FortiGate admin account, then configure wan interface ISP1 and ISP2 set ISP1 interface IP address to 192. Jun 2, 2015 · When and how the failover happens 1. Go to Network -> SD-WAN. The device will stay in a failover state regardless of the conditions. FortiManager HA Primary configuration: FortiManager HA Secondary configuration: HA results of FortiManager Primary (FMGVMXXXXXXX048) and FortiManager Secondary (FMGVMXXXX Connectivity with the FortiGate may be temporarily lost as the HA cluster negotiates and the FGCP changes the MAC addresses of the FortiGate's interfaces. Use the check boxes and sliders as necessary. HA links and synchronises two or more devices. See: https://www. Jun 26, 2019 · Start by reviewing the current status of HA on the FortiGate/FortiProxy from the GUI under System -> HA, or using CLI with the below command. If the addressing mode on one of the wan interfaces is DHCP, configure the interface to use DHCP: Select Network -> Interfaces. Scope: FortiGate. High Availability (HA) is a feature of Firewalls in which two or more devices are grouped together to provide redundancy in the network. Scope: FortiOS. # execute ha failover set 1 Caution: This command will trigger an HA failover. Repeat the above steps to set Interface to wan2 and Administrative Distance to 20. Click OK. Scope: FortiGate 7000. Navigate toSystem > HA. Prerequisites: A Fortinet HA cluster is already configured. The vrdst-priority option can be used to reduce IPv4 VRRP failover times. Note: if the WAN interface is in PPPoE or DHCP mode, there is no need to create a static route. FortiGate on High Availability clusters. edit 1 . FortiGate. The goal is to illustrate the use of the CLI command 'diag sys ha reset-uptime' on a simple scenario. Jun 14, 2022 · config system interface edit <port> config vrrp edit 1 set vrip <IP address> set adv-interval <interval value, in milliseconds (250 - 255000)> next end next end . Select Create New -> SD-WAN Member. Network intermittence / flapping occurs (for example: the connection works for 10 minutes, then goes down for 10 minutes). To test failover of the redundant Internet configuration, you must simulate a failed Internet connection to one of the ports. How to configure. Jul 2, 2010 · FortiGate-6000 HA supports failover protection to provide FortiOS services even when one of the FortiGate-6000s encounters a problem that would result in partial or complete loss of connectivity or reduced performance for a standalone FortiGate-6000. ISP_1 Mar 7, 2025 · how to fix failover issues in FortiGate Azure-HA configured using AZURE SDN. To configure the routing of the two interfaces using the CLI: config router {static | static6} edit 1 set dst 0. This option causes the primary router to actively signal to the backup routers when the primary router cannot reach its Sep 15, 2023 · Create an SD-WAN zone to encompass both the WAN and IPsec interfaces. com/kb/article/0001730 for full explanatio Mar 14, 2023 · This article explains how to use a link monitor to trigger full BGP traffic failover to a secondary ISP. Step 1: Configure create SD-WAN Interface. Mar 11, 2023 · Hello, I have the same issue with vm cluster of fortigate. The Failover IP Address is used primarily as a server gateway and to provide an IP address for system services such as the GUI, SSH, etc. The only way to remove the failover status is by manually turning it off. Remote IP monitoring uses ping servers configured on FortiGate interfaces on the primary unit to test connectivity with IP addresses of network Oct 11, 2022 · This article describes how to configure HA failover delay when monitored interface go down. Refer to the documentation for more information. Scope FortiManager. When it appears the device recognize the fault and it send traffic to another one but, when I enable the interface or Interface-based traffic shaping profile Interface-based traffic shaping with NP acceleration QoS assignment and rate limiting for FortiSwitch quarantined VLANs Ingress traffic shaping profile Internet Services May 21, 2022 · To access the secondary in GUI, you need to use LAN1/MGMT interface by setting the GW in the HA config, and assigning different IP on the interface. Sep 27, 2023 · FortiGate v7. The topology consists of WAN1, WAN2, and WAN3, where WAN2 acts as the primary link, WAN1 as a secondary link, and WAN3 as the last resort in case both primary and secondary links fail. Oct 5, 2016 · After the failover, the cluster resumes and maintains communication sessions in the same way as for a device failure. This allows for a failover time of less than 50ms, depending on the configuration and the network. Scope: FortiGate-VM. May 11, 2022 · Hi, we may have different opinion and point-of-view how we see the thing is done. To configure a performance SLA: Sep 25, 2023 · different options available to trigger an HA failover in the FGCP HA environment to make sure the traffic fails over to the backup FortiGate. After a Feb 20, 2015 · FortiGate GUI -> Log and Reports > System Event. Select Ok to save. Failover protection. Default routes were configured below: config router static . 22 Link failover means that if a monitored interface fails, the cluster reorganizes to reestablish a link to the network that the monitored interface was connected to and to continue operating with minimal or no disruption of network traffic. Solution Configuring the interfaces. 2. set failover-hold-time <integer> end . Solution . When the FortiGate undergoes failover, The Public IP Associated with NIC(. 2/32 and 172. This failover protection provides a backup mechanism that can be used to reduce the risk of # execute ha failover set 1 Caution: This command will trigger an HA failover. 202. 0 0. HA failover can be forced on an HA primary device. Step 4: Create 2 SD-WAN Rules (Perform on Site1). 6). HA Uptimeの長い機器 3. config system ha set hb-interval-in-milliseconds {100ms | 10ms} end Route based monitoring. Link fails. config system link-monitor edit "1" set srcintf "wan1" set server "10. Do you want to continue? (y/n)y To view the failover status: # execute ha failover status failover status: set To view the system status of a device in forced HA failover: In this example, the detection server IP address is 208. Oct 20, 2020 · This article explains the best practices for Interface monitoring (port monitoring) in FGCP high availability. A link failover takes place, where a monitored interface on any unit either fails or is restored. next end # execute ha failover set 1 Caution: This command will trigger an HA failover. Jul 1, 2020 · How to set it by issuing the command 'execute ha failover set [vcluster]' to perform a forced failover on an HA primary/active unit. The success of this feature depends on the FortiGate hardware configuration and the network configuration. Similarly, the LAN G Jan 20, 2023 · Finally I could solve the situation changing configuration in FG aggregate interface: config system interface edit "Link-to-SW" set lacp-ha-slave disable --> With this command the stanby unit has the ports level 1 link up but switches ports connected to standby unit are in suspended mode even in failover I explained before. Log: the static route is removed Route (10. set pingserver-flip-timeout 120. 2/24, and is monitoring the link agg1 by pinging the server at 10. Nov 3, 2024 · Step 2: Access the FortiGate Web Interface. Apr 8, 2011 · The article describes how to restore the Primary role to the cluster unit 'preferred' Primary after a fail-over has taken place. Solution. 5) should be transferred to NIC(. Mar 7, 2019 · To failover traffic from Primary Fortigate firewall to standby just change the priotiy of the firewall. Do you want to continue? (y/n)y To view the failover status: # execute ha failover status failover status: set To view the system status of a device in forced HA failover: This article describes a scenario of HA active passive Failover between the primary and secondary FortiGate-VMs deployed as an HA cluster within the same availability zone in the AWS cloud. Caution: this command may trigger an HA failover and is intended for testing purposes. 5. ScopeFortiGate. Solution: Configure WAN interfaces using Manual IP assignment: Go to Network -> Interfaces, and assign an IP address to the first WAN interface: Repeat the same step as WAN1 but with WAN2 now. Port monitoring causes a cluster to failover if a monitored primary unit interface fails or is disconnected. Syntax. Solution: Prerequisites: On the FortiGate system, two/three WAN interfaces are correctly set up and linked. 0 set interval 5 set timeout 1 set failtime 5 set recoverytime 5 set ha-priority 1 set update-cascade-interface enable set update-static-route enable set status enable next edit "wan1" set Jun 10, 2019 · I currently have link health monitors, so interested how this works out. Before port3 at Bezza-kvm36 go Nov 8, 2023 · config system link-monitor edit "1" (internal7) set srcintf "internal7" set server "8. 2) HA heartbeat interface failure (fgtraphahbfail). petenetlive. To configure wan1 as static Enable SD-WAN and add wan1 : Go to Network -> Interfaces, select the WAN port to configure, set t Jun 2, 2016 · Before triggering a failover when a link fails, the administrator must ensure that monitor interfaces are configured. Note: For a multi-VDOM FortiGate/FortiProxy, the above command is used in 'config global' mode. の大きい機器ので、以下にてUptimeをResetする事で実質Failoverします。 diagnose sys ha reset-uptimeなお、このコマンドを打った Nov 6, 2014 · In the HA configuration, you can configure the option "set monitor" to monitor a physical interface and trigger a failover if this local interface of the FortiGate is DOWN. 21. Set the pingserver-flip-timeout set to 120 minutes. May 20, 2019 · This article will show you how to configure Failover for WAN lines, to create high availability for your enterprise network. HAのプライオリティの高い（数値が大きい）機器 4. ScopeFortiGate, v7. Monitored port. x. Interval: The interval at which the FortiGate sends a health check. You will not be able to change the Failover IP Address. ,) then it will immediately bring down the BGP neighborships associated with that Failover protection. Click on Commit to save the peer. physical link disconnection, administrative shutdown, VPN dead-peer detection, etc. After the secondary FortiGate becomes the primary, you can log into the cluster using the same IP address as before the fail over. But for me, just to make slave become primary in A-P configuration - should not cause the failover as long as all parameter is well maintained like monitoring port, uptime, and so fort. 112. In this scenario, the site-site IPSec tunnel has been created as described in this document: Basic site-to-site VPN with pre-shared key but the tunnel was still down. 1) HA cluster status change (fgtraphastatuschange). May 25, 2021 · If pingserver-failover-threshold 10 is configured, the total link monitor HA priority will be 5 when three of the servers failed in the link monitor, which is lower than the failover threshold (10) so a failover will not occur. 4. This section includes information about FortiOS Remote link failover (also called remote IP monitoring) is similar to HA port monitoring. This option also changes how the FortiGate unit processes firmware upgrades to reduce service interruptions. This means a failover occurs if the link health monitor doesn’t get a response after 5 attempts. 168. Solution Configuring HA using manual failover mode. Right click on Failover on the left navigational pane and select Add failover peer. To disable: execute ha failover unset 1. In a scenario where the HA-cluster does not initiate a failover when the 'wan2' interface goes down on the Master device, it can be because the number of interfaces down on the Slave device is higher or equal to the number of interfaces down on the Master Jul 4, 2022 · In FortiGate there are two SNMP traps so, enable 'HA cluster status change and HA heartbeat interface failure'. The primary unit and the first backup unit are connected to the same network. Select 'Create' and a new 'Edit SD-WAN Member' menu will pop up. Traffic will failover to the secondary WAN. FortiGate High Availability (Pre-Requisites) Obviously the firewalls need to be the same! In this example, the detection server IP address is 208. set pingserver-failover-threshold 5. Primary Firewall configuration: Fortigate-Primary (global) # show system ha config system ha set group-id 1 set mode a-p set hbdev “port1” 50 “port2” 50 set session-pickup enable set override enable set priority 200… Nov 19, 2018 · FortiGateのFailoverは以下の順で選定されます。1. Jul 19, 2020 · To avoid this behavior, Fortigate have link monitor feature hidden in CLI mode. May 8, 2024 · FortiGate HA. The above log means that the static route of wan1 is removed and the health check failed. When i try to test if link failover is happening by administratively taking down a monitored interface like port1 on the primary fortigate, the odd thing is that the failover doesnt happen and also the port1 that I took down on the primary gets also automatically taking down on the secondary and causes a complete denial of service it s Enhanced reliability is achieved through device failover protection, link failover protection, and remote link failover protection. See Device failover on page 1499. Link monitoring and failover Performance SLA link monitoring measures the health of links that are connected to SD-WAN member interfaces by sending probing signals through each link to a server, and then measuring the link quality based on latency, jitter, and packet loss. So that when there would be failover, The FortiGate will send ha cluster status change trap to the SNMP managers. Sep 23, 2024 · This article describes how to configure failover on a FortiGate using policy-based routing to manage two or more redundant WAN links for specific traffic. Reason going to more insight on traffic and throughput. Select the WAN interface. 0. Fortigate link monitor will ping certain server/ip address and will modify the route if the Fortigate failed to ping the server for several retries. 2/24 FortiGate StateRamp support 7. Notice it does not contain the new ISP yet. Scope: FortiGate 7. Network devices that respond slowly to an HA failover can prevent this feature from reducing failover times to less than a second. Solution # execute ha failover set 1 Caution: This command will trigger an HA failover. 99. Increased performance is achieved though active-active HA load balancing. Factory reset the other FortiGate that will be in the cluster, configure GUI access, then repeat steps 1 to 5, omitting setting the device priority, to join the cluster. The FortiGate Clustering Protocol (FGCP) provides failover protection, meaning that a cluster can provide FortiGate services even when one of the devices in the cluster encounters a problem that would result in the complete loss of connectivity for a stand-alone FortiGate unit. For example, if both links connect to a single switch, and that switch fails, then you could experience an outage. Solution In Fortigate HA, the following options exist to test a fail-over: Scenario 1: If override is enabled in the HA settings of both units So my aim was to setup FortiGate High Availability failover in Active / Passive mode. Session failover protection for most IPv4 and IPv6 sessions also contributes to enhanced reliability. The ping protocol is used, but other protocols could also be selected as required. execute ha failover set <cluster_id> execute ha failover unset <cluster_id> Feb 28, 2025 · This article describes sets to configure interface monitoring on a Fortinet High Availability (HA) cluster. 3/fortigate-7000-handbook. Scope . Any of those links going down will trigger a failover. When failover occurs on a FortiGate HA cluster within the same availability zone, the secondary node takes over. Do you want to continue? (y/n)y To view the failover status: # execute ha failover status failover status: set To view the system status of a device in forced HA failover: If you are using port monitoring, you can also unplug the primary FortiGate's internet facing interface to test failover. FortiGate# get system ha status <----- Shows detailed HA information and the cluster failover reason. Here are steps you should consider: Link Health Check: Ensure the link health check settings are appropriate. Need: Dual Wan Failover only “without load-balancing” Also with the ability to be able to route certain devices on the same LAN(TV’s) out the If the primary WAN interface of a FortiGate is down due to physical link issues, the FortiGate will remove routes to it and the secondary WAN routes will become active. Feb 20, 2015 · Is there an easy way to promote or change HA roles from SLAVE to MASTER in Fortigate (800c) 2 nodes HA failover cluster, within Fortigate gui or cmd commands/configuration? Per default (If you haven´t enabled device priority override") the HA Master election is based on the following: 1. HA failover can be forced on an HA primary device. 100. To configure a performance SLA: How to setup high availability on FortiGate firewalls for Active / Passive deployment. You now need to assign a failover flag to the backup peer. Solution: In the following example, the failover-hold-time has been set to 30 seconds. 8 ping-down). 16. The failover peer entry form as shown below: Enter a Peer Name for the backup peer and type or paste in the signature of the preferred primary that you saved from step 3. Sep 20, 2023 · This article describes how to set up SD-WAN failover between two/three WAN ports in FortiGate. 'ECMP' stands for 'Equal Cost Multiple Path'. Configure the failover parameters for the preferred primary FortiADC; in this case sn01 on the VLAN 172net. Gateway = Add the Gateway here. May 6, 2011 · set pingserver-monitor-interface 1-B1/1. Here is what I am needing to accomplish and what I have tried. Dec 8, 2023 · This article describes how to manually deploy a High Availability (HA) Active-Passive FortiGate cluster on AWS, ensuring proper configuration of management interfaces and VPC routing. 6. 1. When using multiple links to connect your FortiGate to the LAN, asses your network for single points of failure. 8" set protocol ping set gateway-ip 0. Relevant configurations. Essential tests, including a simulated failover, guarantee robust performance and failover handling. Login to Fortigate by Admin account # execute ha failover set 1 Caution: This command will trigger an HA failover. Create another member for the IPsec interface following the same steps. シリアルNo. Configurations that can impact the HA primary unit section are listed below: This allows for a failover time of less than 50ms, depending on the configuration and the network. 22 Apr 30, 2023 · This illustration show how you can setup, test and configure Fortigate FW Auto link failover feature and compare it with SDWANFortigate SDNhttps://youtu. 50 <-> 8. It assumes you are starting with three FortiManager units with factory default configurations. Aug 20, 2024 · When link-down-failover is enabled, the FortiGate will dynamically monitor the outgoing interface used for each BGP neighborship. Log in to the FortiGate primary unit using the web-based interface. Results. Jun 21, 2019 · how to perform failover between two FortiManagers. Apr 20, 2023 · This happens when the primary failed over by using the command 'execute ha failover set 1' to force a failover, but has never been unset. From what I see the switch logs on the newly active fortigate, it seems as if the new active FG goes and completely reconfigures all the switches, which leads to a lot of spanning tree state changes which Oct 1, 2014 · Consider a simple setup where FortiGate is probing the server 10. Solution: When a monitored interface goes down, it triggers a failover, which causes the cluster to renegotiate and re-select the primary unit. # config system ha. If you are using port monitoring, you can also unplug the primary FortiGate's internet facing interface to test failover. Select the Interface (port2 and port10 in this case). 2/24 set ISP2 interface IP address to 192. To configure a performance SLA: Dec 17, 2024 · This article describes how to manually trigger a failover for a FortiGate 7000 cluster. how to configure wan1 as a static interface and wan2 as DHCP interface and set up an ISP failover between them. Configuration Steps: Select 'SD-WAN' from the dropdown menu under 'Network' on the menu bar. リンクアップしているモニタポートの多い機器 2. It is intended for testing purposes. g. To configure a performance SLA: Oct 7, 2022 · Hi all, for a customer I'm configuring the sdwan, In order to be sure that everything works fine, I have done failover test, in particular I have simulated a fault between two lines. If a monitored interface on a subordinate unit fails, this information is shared with all cluster units. 2. A performance SLA is created so that, if ping fails per the metrics defined, the routes to that interface are removed and traffic is detoured to the other interface. Before triggering a failover when a link fails, the administrator must ensure that monitor interfaces are configured. Step 3: Configure HA Settings on the Primary FortiGate. But ya, shutdown the primary whi Mar 11, 2023 · Hello, I have the same issue with vm cluster of fortigate. You can only have 1 SD-WAN interface, and I don't like the idea of both trusted (site to site) and non trusted (aka internet) being in the same interface when showing Apr 10, 2009 · PurposeThis article describes how to configure load-balancing over multiple interfaces (multiple ISPs - dual [or more] WAN connections, for example) and implement the link redundancy (fail-over). Link failover (port monitoring or interface monitoring) Link failover means that if a monitored interface fails, the FortiGate-7000E cluster reorganizes to reestablish a link to the network that the monitored interface was connected to and to continue operating with minimal or no disruption of network traffic. hqzf qnciyj ymor lsty dfzly ibdx gnxz pqebxa geln obf dlmgof ldxx ykujp yphz rgz