Use the Networking > WAN > WAN Redundancy > Link Failover Detection page to configure how the security appliance detects a WAN link failure. If a failure occurs, traffic for the unavailable link is diverted to the active link.
1. Enter the following information:
• Failover Detection: Click On to enable the Link Failover Detection feature, or click Off to disable it.
• Retry Count: Enter the number of retries. The security appliance repeatedly tries to connect to the ISP after the link failure is detected. The default value is 5.
• Retry Timeout: If the connection to the ISP is down, the security appliance tries to connect to the ISP after a specified timeout. Enter the timeout, in seconds, to re-connect to the ISP. The default value is 5 seconds.
• Ping Detection: Choose this option to detect the WAN failure by pinging the IP address that you specify in the following fields:
– Default IP Gateways: Ping the IP address of the default WAN gateway. If the default WAN gateway can be detected, the network connection is active.
– Specify the IP Gateways: Ping the specified remote hosts. Enter the IP addresses in the Primary IP Gateway and Secondary IP Gateway fields. In Failover mode, if the primary WAN remote host can be detected, the network connection is active. When using Dual WAN Settings, if the remote hosts for both WAN ports can be detected, the WAN connection is active.
• DNS Detection: Choose this option to detect the WAN failure by looking up the DNS servers that you specify in the following fields:
– Default DNS Servers: Send the DNS query for www.cisco.com to the default WAN DNS server. If the DNS server can be detected, the network connection is active.
– Specify DNS Servers: Send the DNS query for www.cisco.com to the specified DNS servers. Enter the IP addresses in the Primary WAN DNS Server and Secondary WAN DNS Server fields. If the primary or secondary DNS server can be detected, the network connection is active.
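The following added example is not part of the Cisco documentation or the appliance firmware. It reproduces the DNS Detection check from a management host so you can confirm that the DNS servers you plan to enter answer reliably. Treating Retry Count as the number of probe rounds before the link is declared down, and Retry Timeout as the wait for each probe, are assumptions; `link_is_up`, `udp_send` and the 192.0.2.x addresses are illustrative names and constructed values.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Build a minimal DNS A-record query (RD bit set) for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def is_valid_reply(query, reply):
    """Any response carrying our transaction ID means the server was detected."""
    if len(reply) < 12:
        return False
    txid, flags = struct.unpack("!HH", reply[:4])
    return txid == struct.unpack("!H", query[:2])[0] and bool(flags & 0x8000)

def udp_send(server, payload, timeout):
    """Real transport: one UDP query to port 53; raises OSError on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(payload, (server, 53))
        return s.recvfrom(512)[0]

def link_is_up(servers, retry_count=5, retry_timeout=5.0, send=udp_send,
               name="www.cisco.com"):
    """Return (up, rounds_used). Defaults mirror the page: 5 retries, 5 seconds.

    Assumption: the link is up as soon as the primary OR secondary server
    answers, and is declared down only after retry_count failed rounds.
    """
    query = build_query(name)
    for attempt in range(1, retry_count + 1):
        for server in servers:
            try:
                if is_valid_reply(query, send(server, query, retry_timeout)):
                    return True, attempt
            except OSError:
                continue  # timeout or unreachable: try the next server
    return False, retry_count

if __name__ == "__main__":
    # Constructed transport so the example runs offline: only the secondary answers.
    def fake_send(server, payload, timeout):
        if server != "192.0.2.2":
            raise OSError("timed out")
        return payload[:2] + b"\x81\x80" + payload[4:]
    print(link_is_up(["192.0.2.1", "192.0.2.2"], retry_timeout=0.1, send=fake_send))
```

To probe real servers, call `link_is_up` with their addresses and leave `send` at its default.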