premierhaa.blogg.se

Fortinet vpn monitoring

In an office or branch location that relies on internet access for productivity, it's typical to see a primary and secondary internet connection from two separate providers. In the IPv4 world, if you are not using your own IP space and BGP peering with the upstream providers, then automatic failover when the primary connection goes down becomes a concern.

In a simple active/passive, two-ISP-to-one-router (dual-homed) setup, the router/firewall will have two static default routes, one for each provider. Each route will have a weight or metric determining which one is more preferred. Active/active connections are an option, especially now with the rise of SD-WAN solutions, but oftentimes a simple active/passive setup is what's needed. In the Fortinet world the metric for active/passive is Distance. The lower the Distance, the more preferred the route. In the image above the primary ISP route will be used due to the distance value of 1.

With this configuration by itself, the only way the firewall will remove the default route to our primary ISP is if the interface on the device itself goes down. But how does the firewall know when the primary ISP is having issues and needs to stop sending internet-bound traffic that way? As most network operators know, it's very common for a physical interface on a router/firewall to stay up while the modem or something upstream is actually not working. What we really need to do for this situation is set up what Fortinet calls a Link Monitor (previously called Dead Gateway Detection). The function of the Link Monitor is to take an interface and continuously try to reach an IP address upstream.
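The active/passive setup with a Link Monitor, written out as FortiOS CLI configuration. This is an example added here, not configuration from the original post. The interface names, gateway addresses, probe target, the secondary distance of 10, and the fail/recovery counts are all assumptions (the addresses are documentation-range placeholders), and the `#` lines are annotations to strip before pasting.

```fortios
# Two static default routes, one per ISP. The lower distance is preferred,
# so wan1 (distance 1, as in the post) carries traffic while it is healthy.
config router static
    edit 1
        set device "wan1"
        set gateway 203.0.113.1
        set distance 1
    next
    edit 2
        set device "wan2"
        set gateway 198.51.100.1
        set distance 10
    next
end

# Link Monitor on the primary interface. The probe target should sit beyond
# the ISP modem/CPE; probing the modem itself would miss the upstream
# failures the post describes, because the modem can answer while the ISP
# link behind it is down.
config system link-monitor
    edit "wan1-upstream"
        set srcintf "wan1"
        set server "192.0.2.53"
        set gateway-ip 203.0.113.1
        set protocol ping
        # Consecutive failed probes before the link is declared dead.
        set failtime 5
        # Consecutive successful probes before it is declared alive again.
        set recoverytime 5
        # Withdraw static routes on wan1 while the monitor is failing,
        # which lets the distance-10 route on wan2 take over.
        set update-static-route enable
    next
end
```

After applying it, `diagnose sys link-monitor status` shows the probe state and `get router info routing-table static` shows which default route is currently installed.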







