- All testing was done on a Fortinet Fortigate 60E firewall, running FortiOS 5.4.1.
- Click screenshots to view at full size.
Part One: Configuring Interfaces
Power on the RocketFailover device, and make sure the Ethernet cable is connected to the wan2 port on the firewall.
Part Two: Configuring Routing
Edit the default static route for wan1. Under Advanced Options, make sure you set the priority to 0.
Create a new default static route for wan2. Under Advanced Options, make sure you set the priority to 10.
Add a new WAN Status Check Item, this will periodically check your primary internet connections to ensure it is online, and facilitate the failover if the primary connection were to fail. You will need to configure this from the CLI as follows
#config system link-monitor
set srcintf wan1
set server 188.8.131.52
set protocol ping
set gateway-ip x.x.x.x
set source-ip 0.0.0.0
set interval 5000
set failtime 3
set recoverytime 3
set ha-priority 1
set update-cascade-interface enable
set update-static-route enable
set status enable
- If your firewall is using standard routing, you will use a static route to configure ConnectionValidation for iStatus.
- Click Create New on the Network -> Routing page to create a new Static Route and configure as follows, but make sure you use the Gateway IP address of the RocketFailover device.
- If your firewall is using advanced routing, you can either use a static route (as shown above) or a policy route to configure ConnectionValidation for iStatus.
Click Create New on the Network -> Policy Routes page to create a new Policy Route
- Configure the Policy Route as follows below. You will need to specify the source address/mask to instead use the local LAN network where the iStatus device is plugged in. Additionally, the Gateway address should be specified as the default gateway of the RocketFailover Device.
Verify that your Policy Rules are in place to allow traffic to flow out the new RocketFailover wan2 interface on the firewall. Below is a sample of the default internal to wan1 rule that is created in a new firewall, and a duplicate of that rule for internal to wan2.