Fortinet Firewall Configuration Guide

Please Note: 

  • All testing was done on a Fortinet Fortigate 60E firewall, running FortiOS 5.4.1.
  • Click screenshots to view at full size.

Part One: Configuring Interfaces

  1. Power on the RocketFailover device, and make sure the Ethernet cable is connected to the wan2 port on the firewall.

  2. To configure the RocketFailover Connection on the wan2 port, double-click on the wan2 interface from the Network -> Interfaces Screenfortigate-interfaces.png

  3. Set the Address Mode to Manual, which will copy the IP settings over. Enable any services to enable remote access from the RocketFailover connection in case of a failover.fortigate-interfaces-wan2.png

Part Two: Configuring Routing

  1. Add a new WAN Status Check Item, this will periodically check both internet connections to ensure they are online, and facilitate the failover if the primary connection were to fail.


  2. Use the following settings for the WAN status check:fortigate-wanstatuscheck-2.png

  3. If your firewall is using standard routing, you will use a static route to configure ConnectionValidation for iStatus.fortigate-iStatus-static-route-basic-1.png

  4. Click Create New on the Network -> Routing page to create a new Static Route and configure as follows, but make sure you use the Gateway IP address of the RocketFailover device.fortigate-iStatus-static-route-basic-2.png

  5. If your firewall is using advanced routing, you can either use a static route (as shown above) or a policy route to configure ConnectionValidation for iStatus.
    Click Create New on the Network -> Policy Routes page to create a new Policy Routefortigate-iStatus-static-route-adv-1.png

  6. Configure the Policy Route as follows below. You will need to specify the source address/mask to instead use the local LAN network where the iStatus device is plugged in. Additionally, the Gateway address should be specified as the default gateway of the RocketFailover Device.fortigate-iStatus-policyRoute.png

  7. Verify that your Policy Rules are in place to allow traffic to flow out the new RocketFailover wan2 interface on the firewall.  Below is a sample of the default internal to wan1 rule that is created in a new firewall, and a duplicate of that rule for internal to wan2.




Have more questions? Submit a request


Please sign in to leave a comment.