RE: Redundancy & Failover

From: Karim Jamali <karim.jamali_at_gmail.com>
Date: Fri, 13 Jan 2012 21:04:16 +0300

Hi Joseph,

The problem I am trying to sort out is how to generate a default route to
the fortinet only when internet is actually there, and to stop its
generation when internet is down. This is where the second router will
generate the default route.

Hope this clarifies it.

Thanks
On Jan 13, 2012 8:56 PM, "Joseph L. Brunner" <joe_at_affirmedsystems.com>
wrote:

> Fortinets don't do failover well between candidate next hops on static
> routes with health checks....
>
> You need to use OSPF/RIP all around... forget SLAs
>
> -Joe
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Karim Jamali
> Sent: Friday, January 13, 2012 12:05 PM
> To: Cisco certification
> Subject: OT: Redundancy & Failover
>
> Dear Experts,
>
> I need your support on the following scenario. I have a fortigate firewall
> which is connected to 2 internet routers (Cisco Routers). Now the objective
> I am trying to reach is to have full redundancy in terms of internet
> connection. I have thought of doing HSRP/VRRP and putting both routers on
> the same subnet and using tracking IP addresses to control pre-emption
> however this is not valid as the customer wants to keep his IP addressing
> the same. Thus each router is connected to the firewall on a separate
> subnet (public subnet) where the firewall is doing the PAT/NAT, etc.
>
> The Fortigate firewall only seems to have a static route which can point
> to a single next-hop, and there is no tracking functionality for those
> static routes. I have thought of configuring OSPF between the
> fortigate/Cisco routers, and using default-information originate attached
> to a route-map on both Cisco Routers with different metrics. However, when
> I am using the route-map I am trying to search for an SLA to match because
> I don't want to match the outside interface being "UP" as this doesn't mean
> that internet will be UP. Can anyone elaborate/help me find a better
> mechanism? So the whole line of thought is that if internet is available on
> router A by pinging a public DNS server for instance, I will generate this
> default route into OSPF, else I will remove it and Router B will be used
> for internet connectivity.
>
> Thanks
>
> --
> KJ
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
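One way to get the conditional default route the original post asks for, written here as an added IOS example (not configuration from either poster): instead of matching the SLA inside the route-map, tie a static default route to an IP SLA track, and let `default-information originate` (without `always`) advertise the default only while that static route exists in the RIB. The probe target 203.0.113.1, the ISP next hop 198.51.100.1 and the router-to-firewall subnets 10.0.1.0/24 and 10.0.2.0/24 are placeholders.

```cisco
! Router A (primary internet path). Constructed example with placeholder addresses.
! 203.0.113.1 stands in for the public DNS server the poster would ping.
ip sla 1
 icmp-echo 203.0.113.1 source-interface GigabitEthernet0/0
 frequency 10
ip sla schedule 1 life forever start-time now
!
! Dampen flapping: declare down after 30 s of failures, up after 60 s of success.
track 1 ip sla 1 reachability
 delay down 30 up 60
!
! The static default is installed only while the probe succeeds.
ip route 0.0.0.0 0.0.0.0 198.51.100.1 track 1
!
! Without the "always" keyword, OSPF originates 0.0.0.0/0 only when a default
! route is present in the routing table, so the advertisement follows the track.
router ospf 1
 network 10.0.1.0 0.0.0.255 area 0
 default-information originate metric 10 metric-type 1
!
! Router B (backup path): same template with its own SLA, next hop and a worse metric.
router ospf 1
 network 10.0.2.0 0.0.0.255 area 0
 default-information originate metric 50 metric-type 1
```

The FortiGate runs OSPF on both public subnets and installs the E1 default with the lower metric, so when Router A's probe fails its default is withdrawn and Router B's takes over. A single ICMP target is a weak health signal: if that host is filtered or down, Router A withdraws its default even though the ISP is fine, so probe more than one destination or use a second SLA with a boolean track list.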

Received on Fri Jan 13 2012 - 21:04:16 ART
