Fortinet Routes Administrative Distance vs Priority

7th May 2024

This only matters when WAN1 and WAN2 are both plugged in, which happens when switching ISPs or when a customer wants backup internet. See the article on using a Cell Phone as backup Internet.

Routing will always use the interface with the LOWEST administrative distance, until that interface goes OFFLINE. Not until the internet connection gets crappy or slow: no quality issues are accounted for. Note that the routing table then has only 1 route, so traffic coming in on the higher-AD interface will FAIL to exit that interface; the reply would have to go out the other interface, which is an ASYMMETRIC route, and firewalls hate those, so they drop the outbound response.

Routes with equal Administrative Distance (and Priority) will do Equal Cost load balancing outbound. The first conversation uses Wan1, the second conversation uses Wan2, then back to Wan1, etc.

Priority:
By default all routes have a Priority of 1.
Routes with equal AD/Distance but a lower Priority value will be preferred until the interface is completely down.
BUT both routes stay in the routing table, so traffic coming in on the higher-Priority interface will successfully be routed back out the same interface and complete the conversation.
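As an added example (not from the original post), here is what the two setups look like in the FortiOS CLI. The gateway addresses 203.0.113.1 and 198.51.100.1 are placeholders from the documentation ranges, the interface names wan1 and wan2 are assumed, and you would apply one setup or the other on a given unit, not both:

```fortios
# Added example, not from the original post. Gateways 203.0.113.1 and
# 198.51.100.1 are placeholders (documentation ranges); interface names
# wan1/wan2 are assumed. Apply Setup A OR Setup B, not both.

# Setup A: failover by administrative distance.
# Only the wan1 route (distance 10) is installed in the routing table; the
# wan2 route (distance 20) sits in the config and is installed only when
# wan1's link goes down. Replies to sessions that arrived on wan2 have no
# wan2 route to use, so the firewall drops them as asymmetric.
config router static
    edit 1
        set dst 0.0.0.0 0.0.0.0
        set gateway 203.0.113.1
        set device "wan1"
        set distance 10
    next
    edit 2
        set dst 0.0.0.0 0.0.0.0
        set gateway 198.51.100.1
        set device "wan2"
        set distance 20
    next
end

# Setup B: failover by priority.
# Both routes share distance 10, so both are installed; the lower priority
# value (wan1) is used for new outbound sessions, and replies to sessions
# that arrived on wan2 can still leave through wan2.
config router static
    edit 1
        set dst 0.0.0.0 0.0.0.0
        set gateway 203.0.113.1
        set device "wan1"
        set distance 10
        set priority 1
    next
    edit 2
        set dst 0.0.0.0 0.0.0.0
        set gateway 198.51.100.1
        set device "wan2"
        set distance 10
        set priority 5
    next
end

# Check what is actually installed: Setup A lists only the wan1 default
# route, Setup B lists both default routes.
get router info routing-table all
```

The `get router info routing-table all` check at the end is the quickest way to see the difference the post describes: with distance-based failover the backup route is simply absent from the table until the primary link drops, while with priority-based failover both routes are present and only the preferred one is used for new outbound sessions.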


IMHO there is little reason to use Distance over Priority; it may be less memory efficient if you have over 50 routes? Untested.

Click Network, Static Routes, then right-click on the column headings and choose to display Distance (AD) and Priority.


Testing routes during business hours:

Network, Static Routes: create a very specific (/32) route out the new WAN interface. I use 8.8.4.4.

Policy & Objects, Firewall Policy: create a generic policy to allow traffic out the new interface, from whatever network your test PC is on.

Now do a tracert 8.8.4.4 from the Windows cmd prompt; you should see success if the interface is up, and your second hop will be the Default Gateway of the new ISP.
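The same test procedure in the FortiOS CLI, as an added example that is not part of the original post. It assumes the new ISP sits on wan2 with a placeholder gateway of 198.51.100.1, that the test PC's network is on an interface named internal, and that route ID 3 and policy ID 100 are unused; the last section also removes the test objects so 8.8.4.4 is not left pinned to wan2 afterwards:

```fortios
# Added example, not from the original post. 198.51.100.1 is a placeholder
# for the new ISP's gateway; "wan2" and "internal" are assumed interface
# names; route ID 3 and policy ID 100 are assumed to be unused.

# Step 1: host route for the test target out the new WAN only.
# A /32 is the most specific match, so it wins regardless of the distance
# and priority set on the default routes.
config router static
    edit 3
        set dst 8.8.4.4 255.255.255.255
        set gateway 198.51.100.1
        set device "wan2"
    next
end

# Step 2: a generic policy allowing the test PC's network out the new
# interface (NAT enabled so the reply comes back to wan2's address).
config firewall policy
    edit 100
        set name "test-wan2-egress"
        set srcintf "internal"
        set dstintf "wan2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end

# Step 3: verify from the FortiGate while the Windows tracert runs.
# Confirm the lookup for 8.8.4.4 resolves to wan2 ...
get router info routing-table details 8.8.4.4
# ... and watch the test traffic actually leave (and return) on wan2.
diagnose sniffer packet wan2 'host 8.8.4.4' 4

# Step 4: clean up once the test is done.
config router static
    delete 3
end
config firewall policy
    delete 100
end
```

If tracert times out at the first hop the policy is the usual culprit; if the first hop answers but the second is not the new ISP's gateway, the /32 route is not being used and the sniffer output will show the packets leaving on the other WAN instead.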