cstan1989
New Member
March 29, 2017
Question

Every department using a different internet line to access the internet


Hello Everyone,

I am planning to configure each department to access the internet over a different internet line.

Below are the steps I have in mind; I hope all of you can give some advice.

- Create WAN LLB with Volume mode, with weight set to 0 for every WAN interface.
- Create WAN LLB Rules:
    - Source Address=All
    - Users Group=Departments
    - Destination Address=All
    - Protocol=Any
    - Outgoing Interface=Preferred WAN interface
- Create IPv4 Policy, Internal LAN to WAN
    - Source=Internal
    - Destination=Preferred WAN
    - NAT=Enable

Kindly advise whether the above configuration is correct or wrong. If additional configuration is needed, please guide me on this.

Thanks much!!

1 reply

ede_pfau
SuperUser
March 29, 2017

Hi,

This is mainly a routing problem. There's one (1) and only one default route to unknown hosts on the 'net per system/FGT, so you'll have difficulties with LLB alone.

Suggestion: create one VDOM per department, administer them from the 'root' VDOM. This way, each dept. will have its own firewall, admins, users, policies, routes etc. etc.

Most FGTs feature 10 VDOMs for free, the bigger ones can be expanded up to 500 VDOMs.

cstan1989 (Author)
New Member
March 31, 2017

Ok, let me try it..

Thanks a lot.

MikePruett
New Member
April 3, 2017

You can also just make sure each department is on a different subnet and do policy routes for specific departments to go out a certain pipe.
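
A sketch of the per-subnet policy-route approach suggested above, as an added example that is not part of the original thread. The interface names (`internal`, `wan1`, `wan2`), department subnets, gateway addresses and policy IDs are constructed placeholders; the firewall policies correspond to the "Internal LAN to WAN, NAT=Enable" step in the question, one per outgoing line.

```fortios
# Added example. Interface names, subnets, gateways and IDs are constructed.
# Department A (10.10.10.0/24) leaves via wan1, Department B (10.10.20.0/24) via wan2.
config router policy
    edit 1
        set input-device "internal"
        set src "10.10.10.0/255.255.255.0"
        set dst "0.0.0.0/0.0.0.0"
        set gateway 192.0.2.1
        set output-device "wan1"
    next
    edit 2
        set input-device "internal"
        set src "10.10.20.0/255.255.255.0"
        set dst "0.0.0.0/0.0.0.0"
        set gateway 198.51.100.1
        set output-device "wan2"
    next
end

# Traffic steered by a policy route still has to match a firewall policy
# for the interface pair it ends up on, so each WAN line gets its own.
config firewall policy
    edit 101
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
    edit 102
        set srcintf "internal"
        set dstintf "wan2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```

Tightening `srcaddr` in each firewall policy to an address object for the matching department subnet keeps a department from using the other line if a policy route is later changed or removed.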