Bart
New Member
May 18, 2015
Solved

FortiGate 80C - two ISP no routing


Hello,

For a few days I have been trying to set up the router to use two ISPs. I have a virtual IP 79.10.10.245->192.168.1.5 on WAN1. I would like to use WAN2 for only one internal IP (192.168.1.15); the other internal IPs should go out via WAN1. I set up WAN2 (outside IP) and added a static route and policy routes. Now the traffic for 192.168.1.15 goes via WAN2, but there is no routing between 192.168.1.15 and the virtual IP 79.10.10.245. From 192.168.1.15 I can ping 192.168.1.5 and the WAN1 router IP 79.10.10.242, but I can't ping 79.10.10.245.

 

WAN1 79.10.10.242/28

WAN2 80.10.10.242/28

Mail server IP: 79.10.10.245 /internal 192.168.1.5/

 

Static route:

WAN1:

destination:0.0.0.0/0.0.0.0

device: wan1 

gateway: 79.10.10.241

distance:10

priority:0

 

WAN1:

destination:0.0.0.0/0.0.0.0

device: wan2

gateway: 80.10.10.241

distance:10

priority:5

 

Policy routes:

Protocol: all

Incoming interface: internal

Source: 192.168.1.15

Destination: 0.0.0.0/0.0.0.0

Outgoing interface: WAN2

Gateway:  80.10.10.241

 

I would like to ask you to try to help me.

Thank you,

Bart.

 

    Best answer by Rafael_Freire


    3 replies

    Rafael_Freire
    New Member
    May 18, 2015

    Hello,

    I didn't understand all the points. Can you post the result of "show static router" and "show router policy" here?

     

    Regards,

    Rafael Freire

     

    Bart (Author)
    New Member
    May 18, 2015

    Hi,

     

    I put to the post.

     

    Bart.

    Rafael_Freire
    New Member
    May 18, 2015

    Bart wrote:

    Hi,

     

    I put to the post.

     

    Bart.

    Can you create a policy route like the one below, putting the new PBR below the wan2 policy?

    Protocol: all
    Incoming interface: internal
    Source: 0.0.0.0/0.0.0.0
    Destination: 0.0.0.0/0.0.0.0
    Outgoing interface: WAN1
    Gateway: 79.10.10.241

     

    ashukla_FTNT
    Staff
    May 18, 2015

    Make sure the VIP's interface is set to any, not wan1.

    Then create a policy route like the following:

    Incoming interface: internal
    Source: 0.0.0.0/0.0.0.0
    Destination: 192.168.1.5/32
    Outgoing interface: internal
    Gateway: (blank)

    Make sure this route is above any other policy route, as policy routes are executed in sequence.

    Bart (Author)
    New Member
    May 18, 2015

    Guys, it works perfectly!

    Solution:

    - change the virtual IP to the any interface

    - add a policy route above all the others, like:

    Incoming interface: internal
    Source: 0.0.0.0/0.0.0.0
    Destination: 192.168.1.5/32
    Outgoing interface: internal
    Gateway: (blank)

     

     

    Thank you a lot!
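
The accepted fix depends on policy routes being evaluated in sequence, as ashukla_FTNT notes. The following is an added example, not FortiOS code and not from any poster in this thread: a simplified first-match model using the thread's addresses, showing why the 192.168.1.5/32 rule has to sit above the WAN2 rule. It assumes the VIP has already translated 79.10.10.245 to 192.168.1.5 before the lookup; the names `route` and `compare_orders` and the outside address 203.0.113.10 are constructed for the illustration.

```python
# Added illustration: first-match evaluation of policy routes, using the
# addresses from this thread. Simplified model, not FortiOS code.
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")

# (incoming interface, source, destination, outgoing interface, gateway)
TO_MAIL = ("internal", ANY, ip_network("192.168.1.5/32"), "internal", None)
HOST_VIA_WAN2 = ("internal", ip_network("192.168.1.15/32"), ANY,
                 "wan2", "80.10.10.241")

# Fallback when no policy route matches: of the two distance-10 default
# routes in the original post, the one with the lower priority value (wan1).
DEFAULT_ROUTE = ("wan1", "79.10.10.241")


def route(policy_routes, in_if, src, dst):
    """Return (outgoing interface, gateway) for a packet; first match wins."""
    for r_in, r_src, r_dst, out_if, gw in policy_routes:
        if (in_if == r_in and ip_address(src) in r_src
                and ip_address(dst) in r_dst):
            return out_if, gw
    return DEFAULT_ROUTE


def compare_orders(src, dst):
    """Route one packet with the mail-server rule below, then above."""
    below = route([HOST_VIA_WAN2, TO_MAIL], "internal", src, dst)
    above = route([TO_MAIL, HOST_VIA_WAN2], "internal", src, dst)
    return below, above


if __name__ == "__main__":
    # Assumption: the destination is already the VIP's mapped address
    # 192.168.1.5. 203.0.113.10 is a constructed outside address.
    for dst in ("192.168.1.5", "203.0.113.10"):
        print(dst, compare_orders("192.168.1.15", dst))
```

With the mail-server rule below the WAN2 rule, traffic from 192.168.1.15 to the mail server is sent out wan2; with it on top, that traffic stays on internal while everything else from 192.168.1.15 still leaves via wan2.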