Understanding FortiGate Link Health Monitor
One of the most valuable use cases for the FortiGate Link Monitor is its ability to enable WAN failover. WAN failover ensures that network connectivity remains intact even if a primary WAN link fails.
In the event of a failure, the Link Monitor automatically shifts traffic to an alternative link, allowing businesses to maintain critical services without disruption. This feature is indispensable for companies that need high-availability networks to continue their operations seamlessly.
Improved Network Monitoring with FortiGate
By implementing FortiGate Link Monitor, organizations gain enhanced network reliability, reduced downtime, and improved user experiences. With the system’s ability to detect and address dead gateways and failed links proactively, businesses can avoid service interruptions and keep their networks performing at their best.
Command Line Interface (CLI)
Link-monitor on Fortigate can be configured through the following CLI commands.
config system link-monitor
edit "1"
set addr-mode <ipv4 | ipv6>
set srcintf "Interface that receives the traffic to be monitored”
set server "IP address of the server(s) to be monitored."
set protocol <ping | tcp-echo | udp-echo | http | twamp>
set gateway-ip <Gateway IP address used to probe the server>
set source-ip “Source IP address used in packet to the server”
set interval “Detection interval in milliseconds (500 - 3600 * 1000 msec, default = 500)”
set probe-timeout “Time to wait before a probe packet is considered lost (500 - 5000 msec, default = 500)”
set failtime “Number of retry attempts before the server is considered down (1 - 10, default = 5)”
set recoverytime “Number of successful responses received before server is considered recovered (1 - 3600, default = 5)”
set probe-count “Number of most recent probes that should be used to calculate latency and jitter (5 - 30, default = 30)”
set ha-priority “HA election priority (1 - 50)”
*set update-cascade-interface “Enable/disable update cascade interface, default: enable”
[* It is advised to keep disabled as it may cause the production environment down , Make sure it's working before enabling it]
**set update-static-route “Enable/disable updating the static route, default: enable”
[** It is advised to keep disabled as it may cause the production environment down, Make sure it's working before enabling it]
set status “Enable/disable this link monitor, default: enable”
next
end
Following is a sample configurations
config system link-monitor
edit “1”
set srcintf “wan1”
set server “10.109.21.50” <- The server that is probed via WAN1 interface.
next
end
Enriching Your Link Monitoring Setup
When configuring the FortiGate Link Monitor, ensure to enrich your setup by including additional settings that align with your network requirements. Consider configuring link monitor settings to customize how the monitor interacts with each network link.
For instance, adjusting link monitor configuration parameters, such as probing frequency, response time thresholds, and failover criteria, can help fine-tune how FortiGate responds to gateway failures. This ensures that traffic rerouting is as smooth and efficient as possible, maintaining seamless operations.
Conclusion
FortiGate’s Link Monitor is an invaluable tool for ensuring consistent network performance. By actively monitoring network links and automatically rerouting traffic during failures, it minimizes downtime and helps businesses maintain continuous operations. While setting up the Link Monitor may require some technical know-how, the benefits—such as improved network reliability and minimized disruption—make it a must-have for any business relying on robust internet connectivity.
By focusing on the configuration of link monitor settings and enriching your system with semantic keywords like link monitoring configuration and monitor settings, you can maximize the effectiveness of the FortiGate Link Monitor and improve your network’s resilience to failures.
