Question: How to configure failover for Web server in case of ISP down?

Suriya Bond R

Jan 13, 2014
Hi Guys,

I have been recently working on deploying Web Servers which require 100% uptime. In my organization we have 2 WAN connections (say A and B), WAN A with 12 Static Public IPs (Leased Line) and WAN B with 1 Static Public IP (Broadband), and we have 1 Fortigate firewall where both the WANs are configured in a failover setup (when the primary WAN is down, the secondary WAN will provide Internet connection to the organization).

On the Webservers, the private IP of the Web Server is mapped to a static Public IP of WAN A via NAT. If WAN A is down, the Webserver cannot be accessed via the Internet. In this case how can I make the secondary WAN B serve the webserver to the Internet, or please suggest any solutions/technologies that we can implement to eliminate this situation.

Thanks In Advance.
I am going to bet it is impossible to do what you want with your current configuration.

Let's say you have IP x.x.x.x and y.y.y.y from different ISPs. So let's say the primary IP is x.x.x.x and you set that in the DNS.

Some user that wants to access your server will look the URL up in the DNS and get x.x.x.x. Now if x.x.x.x goes down the traffic will be dropped by your ISP. The end user does not know about IP y.y.y.y and the DNS will keep telling him to go to x.x.x.x.

So you could try to change the DNS entry to use y.y.y.y for your web site but it takes time to propagate through the internet. Many minutes in most cases. Not really a good way but I suspect this will be your only option.

Now you could look at some hosted solution where you put in some form of load balancer in a data center that could change, but you might as well just move your servers to the hosted center and let the hosting company deal with the redundancy.

So the way this is actually done...and why you likely can't solve it...is you need to run a routing protocol to tell the Internet when a connection is down. The way it is done is you take an IP like x.x.x.x and advertise it via 2 different ISPs. You set the metrics so one is better than the other one. When a connection goes down the route for that connection goes away and the second one now has the best metric. Worst case it can take three minutes to change worldwide, but it is much faster in general.

The reason you can't do this is you do not actually own those IP addresses. The actual owner is one of your ISPs and they would have to allow you to advertise it on another ISP's network. Because of how the Internet works, even if they want to, it is very hard to get a single IP or even groups of IPs to be advertised. The minimum block size is a /24 which is 255 IP addresses. This is why it tends to be impossible for a small company to run a redundant connection, because they cannot get a block that big.

This problem is why almost all companies large and small have outsourced server and network stuff to the large cloud providers and they just do the application/web design stuff.
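The DNS-based fallback the reply describes, as an added simulation (not code from the thread or from the poster): a resolver caches the A record for its TTL, so after WAN A fails and the record is flipped to the WAN B address, users whose resolver still holds the old answer keep being sent to the dead IP until the TTL runs out. The IPs, hostname and timings are constructed.

```python
"""Simulated DNS failover between two WAN public IPs, showing the TTL delay."""
from dataclasses import dataclass

WAN_A_IP = "198.51.100.10"   # constructed: static IP on the leased line (WAN A)
WAN_B_IP = "203.0.113.20"    # constructed: single static IP on broadband (WAN B)
HOSTNAME = "www.example.com"  # constructed hostname


@dataclass
class Authoritative:
    """The zone you control: one A record and its TTL in seconds."""
    ip: str
    ttl: int


class CachingResolver:
    """A recursive resolver (e.g. at the user's ISP) that caches answers by TTL."""

    def __init__(self, auth: Authoritative):
        self.auth = auth
        self.cache = {}  # hostname -> (ip, absolute expiry time)

    def resolve(self, name: str, now: int) -> str:
        ip, expiry = self.cache.get(name, (None, -1))
        if ip is None or now >= expiry:          # cache miss or expired: re-query
            ip = self.auth.ip
            self.cache[name] = (ip, now + self.auth.ttl)
        return ip                                # otherwise the stale answer is served


def failover(auth: Authoritative, wan_a_up: bool) -> None:
    """A health check drives the record: point at WAN B as soon as WAN A is down."""
    auth.ip = WAN_A_IP if wan_a_up else WAN_B_IP


def simulate(ttl: int, check_at: int) -> str:
    """A user resolves at t=0, WAN A fails right after and the record is flipped;
    return the IP the same user's resolver hands out at t=check_at."""
    auth = Authoritative(WAN_A_IP, ttl)
    resolver = CachingResolver(auth)
    resolver.resolve(HOSTNAME, now=0)
    failover(auth, wan_a_up=False)
    return resolver.resolve(HOSTNAME, now=check_at)


if __name__ == "__main__":
    for ttl in (3600, 60):
        print(f"TTL {ttl}s, 10 min after failover -> {simulate(ttl, 600)}")
```

With a one-hour TTL the user is still sent to the unreachable WAN A address ten minutes after the switch; only a short TTL (set before any outage) makes the DNS change take effect in minutes, which is the delay the reply warns about.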