Yesterday, I made a post on how to achieve automatic failover when using a Mikrotik router with two ISP connections. You can find it here
. Now, assuming you have successfully set up automatic failover on your Mikrotik router, that means you may probably not know when one of your links goes down because the router automatically switches control to the second
ISP. In such situation, your ISP may be unaware that your connection has gone down. You need a system that notifies you of a downtime so that you, in turn, can notify the ISP, even though control has been switched to the secondary link. This is what I will be sharing with us in this post.
The task is to set up email notification, using netwatch, so that the router, upon noticing that a link is down, will automatically generate an email and, using the second ISP’s internet connection, send the mail to a predefined email address- the network admin’s email address or the concerned ISP’s email address.
Dual ISP connections
Sender’s and receiver’s email addresses
Email server’s IP address
A Mikrotik router with a minimum of three dedicated interfaces. (By dedicated, I mean not a slave to any other interface)
The below codes should be pasted in the new terminal window of your Mikrotik router after you have edited the source and destination email addresses and the server address. To get the IP address of your company’s email server, ask your hosting company, if it is hosted in the cloud or the server administrator, if it is hosted locally. Alternatively, you can get the address of the server by going to email settings on your Microsoft outlook. The in-coming and out-going server addresses are usually the same. Copy any one of them (in-coming or out-going) and ping it from the command prompt of a computer with internet connection. Your DNS server will resolve the address to and IP address so that you can use it for your configuration.
You may also like: How to resolve Site-to-Site VPN authentication issue on Mikrotik and Cisco routers
] system netwatch> add host=126.96.36.199 timeout=999ms … interval=20s up-script=secondary-up down-script=secondary-down
The last part is making sure that the pings used in testing the reachability of each ISP’s gateway goes out only through the interface that connects to that ISP.
] > ip firewall filter add chain=forward dst-address=188.8.131.52 protocol=icmp out-interface=ether2 action=drop
] > ip firewall filter add chain=forward dst-address=184.108.40.206 protocol=icmp out-interface=ether1 action=drop
The first rule drops all icmp packets to ISP1 via the interface connecting to ISP2 while the second rule drops all icmp packets to ISP2 via the interface connecting to ISP1.
If you have any questions, please use the comment box. Thanks for ready and stay safe.