This article describes how to verify the secondary WAN connectivity. This may apply after deploying a new ISP to the FortiGate to use as the backup for the existing WAN interface, or when replacing the secondary WAN circuit.
As example, the following routing table with one default static route that has a lower AD than the other:
When pinging a public IP address, the expectation is that the traffic will traverse through the route with a lower AD. In this case, port1:
Scope
FortiGate.
Solution
A static route is configured with the destination being a well-known public IP address with the subnet mask of 255.255.255.255.
The outgoing interface is set to be on the secondary WAN (in this case, port4):
The routing table evaluation will check the route with the longest prefix match first. If the AD is pinging the exact destination IP configured in this static route, the FortiGate will pick port4 to route the traffic through:
In this way, it will not be necessary to shut down the primary WAN interface or re-configure the default static route with a risk of disrupting the Internet traffic in the scenario, where the secondary WAN cannot reach the Internet.