tronton_team
New Member
August 25, 2015
Solved

Dual WAN separate traffic


Hello, I want to ask: I have a FortiGate with 2 internet connections. I want to use WAN 1 for the server database and Active Directory and WAN 2 for the clients. The server database and AD are in one segment with the clients. Can I do that with FortiGate? Please help me.

    Best answer by vjoshi_FTNT

    With the above config, Server will always use wan1, and users can use both WAN1 and WAN2.

    4 replies

    gschmitt
    New Member
    August 26, 2015

    Go to System > Config > Features and set Advanced Routing to On.

    Go to Router > Static > Policy Routes and click Create New:

    - Protocol: Any
    - Incoming Interface: internal
    - Source Address / Mask: your IPs which go to wan1
    - Destination Address / Mask: 0.0.0.0/0

    Then:

    - Outgoing Interface: wan1
    - Gateway Address: as needed

    Repeat the step above with wan2.

    Sylvia
    Explorer
    August 26, 2015

    Hello,

    gschmitt is right.

    In case you cannot configure the gateway for the policy routes, you have to make sure to have two default routes for both wan interfaces with the same distance. If you configure a better (=smaller) priority on one of the default routes, then this route will be used by default for outgoing traffic.

    Sylvia

    vjoshi_FTNT
    Staff
    August 26, 2015

    Yes, the above solution would work.

    Along with that, having link fail detection applied makes it more reliable.

    The KB article below explains how to do it:

    http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD35080

    Hope that helps.

    francesco73
    New Member
    August 28, 2015

    Hello,

    At the moment we have only 1 WAN, so all the traffic goes through wan 1.

    In the near future we will add the second WAN.

    We want the same: the server with a fixed IP will keep going out through the old wan1 and users' traffic will go through the new wan2.

    Is there no need to change any policies in Policy -> Policy? All the policies there at the moment refer only to wan1.

    Thanks, Francesco

     

    vjoshi_FTNT
    Staff
    August 31, 2015

    Hello,

    When you get the second WAN, you need the below:

    - A default route via WAN2 (with equal distance and priority)

    - A policy route with the server as the source address and destination as 0.0.0.0 via WAN1

    - Another firewall policy from LAN to WAN2 allowing the whole local subnet

    francesco73
    New Member
    August 31, 2015

    vjoshi wrote:

    Hello,

    When you get the second WAN, you need the below:

    - A default route via WAN2 (with equal distance and priority)

    - A policy route with the server as the source address and destination as 0.0.0.0 via WAN1

    - Another firewall policy from LAN to WAN2 allowing the whole local subnet

    Many Thanks!

    In this way, servers will be forced to use wan 1 and all the other IP addresses will use wan2? Or both WANs?

    vjoshi_FTNT
    Staff
    August 31, 2015

    With the above config, Server will always use wan1, and users can use both WAN1 and WAN2.
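
Added example (not part of the thread and not Fortinet code): a simplified Python model of the lookup order the replies describe, showing why the servers stay on wan1 while clients are shared across both WANs, what a smaller priority on wan2 changes, and why both default routes need the same distance. The addresses, class names and the modulo stand-in for load sharing are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class DefaultRoute:          # static 0.0.0.0/0 route
    device: str
    distance: int = 10
    priority: int = 0

@dataclass
class PolicyRoute:           # fields from the policy route form in the thread
    incoming: str
    source: str              # Source Address / Mask, written as CIDR
    outgoing: str

def installed(routes):
    """Only default routes with the lowest distance enter the routing table."""
    best = min(r.distance for r in routes)
    return [r for r in routes if r.distance == best]

def egress(src_ip, in_if, policy_routes, routes):
    """Return the WAN interface this simplified model picks for src_ip."""
    table = installed(routes)
    addr = ipaddress.ip_address(src_ip)
    # 1. Policy routes are checked first, top-down, first match wins.
    for pr in policy_routes:
        if pr.incoming == in_if and addr in ipaddress.ip_network(pr.source):
            # Assumption: honoured only if a route via that interface is installed.
            if any(r.device == pr.outgoing for r in table):
                return pr.outgoing
    # 2. Otherwise the routing table decides: smaller priority value wins,
    #    equal priorities share traffic (stand-in hash: source address modulo).
    low = min(r.priority for r in table)
    candidates = sorted(r.device for r in table if r.priority == low)
    return candidates[int(addr) % len(candidates)]

def wans_used(hosts, policy_routes, routes):
    return {egress(h, "internal", policy_routes, routes) for h in hosts}

# Constructed sample addressing (not from the thread).
SERVERS = ["192.168.1.10", "192.168.1.11"]
CLIENTS = [f"192.168.1.{n}" for n in range(100, 120)]
PBR = [PolicyRoute("internal", "192.168.1.10/31", "wan1")]
EQUAL = [DefaultRoute("wan1"), DefaultRoute("wan2")]
WAN2_PREFERRED = [DefaultRoute("wan1", priority=10), DefaultRoute("wan2", priority=0)]
WAN1_LONGER_DISTANCE = [DefaultRoute("wan1", distance=20), DefaultRoute("wan2")]
```

In this model, `WAN2_PREFERRED` gives the split asked about in the thread (servers on wan1, clients only on wan2), while `WAN1_LONGER_DISTANCE` shows the policy route losing effect once wan1's default route is no longer installed.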

     

     
