knut
New Member
November 1, 2006
Question

Changing ISP

I got a FortiGate 100A working as a router/firewall for personal users. We are changing the ISP at the front, and we have all public IPs. What I would like to do is to keep the old connection as a backup, as well as serve the internet connection until everybody has gotten a new IP address. But the FortiGate seems to struggle with two equal default gateways (I can only connect to WAN1 IP addresses and not WAN2). At first I would have liked the IPs of today to stay the same until it asks for a new IP from the DHCP. But this doesn't seem to work that well, so I might have to change the firewall rules to use NAT with the old addresses through the new ISP. I'm using WAN1 as the old connection and WAN2 as the new. Internal is currently the old connection, and the DMZ1 is the new, both connected to the same switch. Is there any good way to do this?

    5 replies

    Fireshield
    New Member
    November 1, 2006
    First off, is there a reason you are moving the Internal network to the DMZ? You should be able to allow the traffic just fine from the Internal. The only requirement for equal routing is to have one set to priority via the CLI:

        config router static
            edit X
                set priority 1    (for new link, 2 for old)
            next
        end

    Then also make sure you have firewall policies to allow the traffic.
    knut (Author)
    New Member
    November 1, 2006
    The reason for two interfaces on the internal side is because of different internal IP addresses (all public IPs).
    Fireshield
    New Member
    November 1, 2006
    Then you will want policy routing. Source [DMZ IPs], Destination [WAN2].
    knut (Author)
    New Member
    November 1, 2006
    How could I overlook that one! Thank you very much for a quick and prompt answer.
    Contributor
    November 4, 2006
    Hi! Just to describe how you could work with policy-based routing (no 'backup', just simple static in the first run). Define everything as if there were only your internal network and your new provider. Set the default route to your new provider (WAN1), enable NAT for the clients and write some policies. You can test your settings now, to see if everything is working with the internal network as usual. In the second step, you route _all_ your traffic from the DMZ interface via the old provider (WAN2). For this, establish a policy route for all traffic arriving from DMZ to be routed over WAN2. Write some normal policies to allow the traffic from DMZ to WAN2. You should be done.
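Added example, not from anyone in this thread: a FortiOS CLI sketch of the two-ISP layout the original poster described (WAN1 = old ISP serving the old public block on "internal", WAN2 = new ISP serving the new block on "dmz1"), combining the priority trick from the first reply with the policy route from the later ones. All addresses are assumed placeholders from the RFC 5737 documentation ranges, the address-object names are invented, the `#` lines are annotations rather than CLI input, and interface names and exact keywords (for example "ANY" versus "ALL" as the service) vary by FortiOS version, so check them against your unit before committing.

```text
# 1) Two default routes with the same distance but different priority
#    (lower value wins): the new ISP is the normal path, the old one a fallback.
config router static
    edit 1
        set device "wan2"
        set gateway 198.51.100.1        # new ISP gateway (placeholder)
        set priority 1
    next
    edit 2
        set device "wan1"
        set gateway 203.0.113.1         # old ISP gateway (placeholder)
        set priority 2
    next
end
# 2) Policy route: traffic arriving on "internal" (old public block) is
#    forced out WAN1 regardless of the default route, so replies for the
#    old addresses leave via the ISP that still announces them.
config router policy
    edit 1
        set input-device "internal"
        set src 192.0.2.0 255.255.255.0 # old public block (placeholder)
        set output-device "wan1"
        set gateway 203.0.113.1
    next
end
# 3) Firewall policies are still needed per interface pair: the policy
#    route only chooses the exit, it does not permit anything. Keep the
#    source address restricted to the block that lives behind each interface.
config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "old-public-block"  # address object for 192.0.2.0/24
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ANY"
    next
    edit 2
        set srcintf "dmz1"
        set dstintf "wan2"
        set srcaddr "new-public-block"  # address object for the new block
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ANY"
    next
end
```

Once the old ISP is decommissioned, delete the policy route and the WAN1 static route together, otherwise hosts still holding old addresses are silently routed to a dead gateway.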