BGP – One organization has two ISPs configured on a FortiGate firewall. How do we do failover for the internet?

bgp firewall fortigate internet isp

The organisation doesn't have an AS number. As of now we manually set the route to one ISP at a time.
When the default Internet link goes down, we enable the second link on the firewall.

I saw some solutions on Google which configure BGP, but for that we need an organization AS number.
If there is any alternative for failover of the internet links (different ISPs), then
please provide the solution for this case. We have a FortiGate 100D firewall.

Best Answer

Create 2 default routes (0.0.0.0/0) to the 2 gateway addresses of your ISPs. The secondary one should have a higher distance like 20 as the default distance in FortiOS is 10.

This will guard you from link failure. As soon as one link is down, its default route is deleted from the routing table, and the other one is added.

You will probably want to watch both connections if they can handle outbound traffic (link failure has its obvious limits). You can set up remote ping servers which send pings to a public, always-up destination. As soon as the ping server fails, the route is deleted.

This is configured in the CLI. You can specify multiple destination servers which have to fail all together to trigger failover.
Here is an example:

config system link-monitor
    edit "quad9"
        set srcintf "wan1"
        set server "9.9.9.9" "9.9.9.10"
        set interval 10
    next
end
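
The following is an added example, not part of the original answer: it puts the two default routes and a link monitor per WAN interface together in one FortiOS CLI configuration. The interface name "wan2", the monitor name "quad9-wan2" and the gateway addresses (198.51.100.1 and 203.0.113.1, taken from the documentation ranges) are assumptions to be replaced with the real ISP values; the `#` lines are annotations.

```fortios
# Two default routes: the destination defaults to 0.0.0.0/0.
# The lower distance (10) is preferred; the route with distance 20
# takes over once the primary route is removed.
config router static
    edit 1
        set gateway 198.51.100.1
        set device "wan1"
        set distance 10
    next
    edit 2
        set gateway 203.0.113.1
        set device "wan2"
        set distance 20
    next
end

# One monitor per ISP link. All listed servers must fail before the
# monitor is considered down and the static routes using that
# interface are withdrawn (update-static-route).
config system link-monitor
    edit "quad9"
        set srcintf "wan1"
        set server "9.9.9.9" "9.9.9.10"
        set gateway-ip 198.51.100.1
        set protocol ping
        set update-static-route enable
    next
    edit "quad9-wan2"
        set srcintf "wan2"
        set server "9.9.9.9" "9.9.9.10"
        set gateway-ip 203.0.113.1
        set protocol ping
        set update-static-route enable
    next
end
```

The state of each monitor can be checked with `diagnose sys link-monitor status`, and `get router info routing-table all` shows which default route is currently installed.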