Configuring interface status detection for gateway load balancing
Interface status detection is used for ECMP route failover and load balancing. Interface status detection consists of the unit confirming that packets sent from an interface result in a response from a server. You can use up to three different protocols to confirm that an interface can connect to the server. Usually the server is the next-hop router that leads to an external network or the Internet. Interface status detection sends a packet using the configured protocols. If a response is received from the server, the unit assumes the interface can connect to the network. If a response is not received, the unit assumes that the interface cannot connect to the network.
Since it is possible that a response may not be received, even if the server and the network are operating normally, the dead gateway detection configuration controls the time interval between testing the connection to the server and the number of times the test can fail before the unit assumes that the interface cannot connect to the server.
 
As long as the unit receives responses for at least one of the protocols that you select, the unit assumes the server is operating and can forward packets. Responding to more than one protocol does not enhance the status of the server or interface.
To configure gateway failover detection for an interface
1. Go to Router > Static > Settings.
2. Under Dead Gateway Detection, select Create New.
3. Enter the following information:
 
Interface: Select the interface to test.
Gateway IP: Enter the IP address of the gateway.
Ping Server: Enter the IP address of the server to test.
Detect Protocol: Select one of the following protocols.
    ICMP Ping: Use standard ICMP ping to confirm that the server is responding. Ping confirms that the server can respond to an ICMP ping request.
    TCP Echo: Use TCP echo to confirm that the server is responding. Select this option if the server is configured to provide TCP echo services. In some cases a server may be configured to reply to TCP echo requests but not to reply to ICMP pings.
        TCP echo uses TCP packets on port number 7 to send a text string to the server and expects an echo reply back from the server. The echo reply just echoes back the same text to confirm that the server can respond to TCP requests.
        FortiGate units do not recognize RST (reset) packets from TCP Echo servers as normal TCP echo replies. If the unit receives an RST response to a TCP echo request, the unit assumes the server is unreachable.
    UDP Echo: Use UDP echo to detect the server. Select this option if the server is configured to provide UDP echo services. In some cases a server may be configured to reply to UDP echo requests but not to reply to ICMP pings.
        UDP echo uses UDP packets on port number 7 to send a text string to the server and expects an echo reply from the server. The echo reply just echoes back the same text to confirm that the server can respond to UDP requests.
Ping Interval: Enter the interval between pings, in seconds.
Failover Threshold: Enter the number of times the test can fail before the unit assumes that the interface cannot connect to the server.
HA Priority: Set the HA priority, if configuring an HA cluster.
4. Select OK.
To configure gateway failover detection for an interface - CLI
config router gwdetect
    edit port1
        set protocol ping
        set server 10.10.10.1
        set interval 5
        set failtime 5
    next
end
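
The detection logic described above, modelled in Python as an added example (this is not FortiOS code). The names echo_reply_ok, tcp_echo_probe, GatewayDetector and rounds_until_down are hypothetical, and it is an assumption that failures are counted consecutively and that a passing round restores the interface.

```python
import socket

def echo_reply_ok(sock, payload=b"gwdetect-test"):
    """Send a text string and require the identical text back (echo service)."""
    sock.sendall(payload)
    reply = b""
    while len(reply) < len(payload):
        chunk = sock.recv(len(payload) - len(reply))
        if not chunk:          # peer closed before echoing everything
            break
        reply += chunk
    return reply == payload

def tcp_echo_probe(host, port=7, timeout=1.0):
    """One TCP Echo test. An RST (connection refused) means unreachable, as
    the page states; timeouts and wrong replies are treated the same here."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            return echo_reply_ok(sock)
    except OSError:            # includes ConnectionRefusedError and timeouts
        return False

class GatewayDetector:
    """Failover Threshold logic for one interface.
    Assumption: failures are counted consecutively, and a passing round
    resets the counter and restores the interface."""
    def __init__(self, failtime=5):
        self.failtime = failtime
        self.failures = 0
        self.up = True

    def record_round(self, results):
        """results maps protocol name -> bool for one Ping Interval.
        A response on any one selected protocol passes the round."""
        if any(results.values()):
            self.failures, self.up = 0, True
        else:
            self.failures += 1
            if self.failures >= self.failtime:
                self.up = False
        return self.up

def rounds_until_down(failtime, rounds):
    """Return the 1-based round at which the interface is marked down, or None."""
    det = GatewayDetector(failtime)
    for n, results in enumerate(rounds, start=1):
        if not det.record_round(results):
            return n
    return None
```

With an interval of 5 seconds and a failtime of 5, as in the CLI example, this model marks the interface down about 25 seconds after the server stops answering.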