AndreaDV
New Member
May 14, 2024
Solved

How to create 1 Wan with 2 Lan Trunk

  • May 14, 2024
  • 8 replies
  • 5143 views

Hi, I have a Forti 60F.

I have to create/manage 2 WANs for the customer.

The first WAN has an internal LAN where NAT is enabled, and I have no problems with this network.

The second WAN has a single cable, but it is a trunk of 2 LANs, with 2 different gateways.

On the LAN side of the 60F I have to configure both LANs directly, with 2 different gateways, always to the same outgoing WAN port 2. How is this resolved? By making internal VLANs?

Thanks

Best answer by ebilcari

The first option will do it; it will create "subinterfaces" on the physical interface (wan2) that you can connect to a switch port that sends tagged VLAN traffic with IDs 433 and 443.

8 replies

sw2090
SuperUser
May 14, 2024

Unfortunately your description is hard to follow. Can you add a diagram?

I have FortiGates here that have three WANs with two different providers and either NAT behind the WAN (where there is the router that has the ADSL modem) or the WAN IP directly on the WAN of the FGT.

I handle them all via SD-WAN, so they can be in an SD-WAN zone all together. It can have some health checks, and the rest can be done either with policies and/or SD-WAN rules.

AndreaDV (Author)
New Member
May 14, 2024

I took the time to draw it and I'll share it; thank you in the meantime.

AndreaDV (Author)
New Member
May 14, 2024

How is it possible to use 2 different IPs/DGs on the WAN2 interface?
Outside there is another firewall that has the 2 VLANs.

[image: IMG_0003.jpg]

ebilcari
Staff
May 14, 2024

You can create more than one interface of type VLAN and set the VLAN ID that you have configured on the switch port (trunk).

[image: subinter.PNG]

You can then use policy routes to route user traffic as required.

Emirjon
AndreaDV (Author)
New Member
May 14, 2024

Can I use the WAN2 port like this

[image: aa.jpg]

or do I have to use a port in trunk mode like this (in this example I had not yet added the two VLANs)?

[image: 2024-05-14_174805.jpg]

sw2090
SuperUser
May 14, 2024

OK, one port cannot be a trunk on a FortiGate. You would have to create two VLAN interfaces that are tied to WAN2 on your FGT. Then you have to have a default route and static routes for what you need.

However, you can only have more than one default route for redundancy (and that only as long as you don't use SD-WAN). The metric (priority/distance) will set which default GW will be used. In case you use SD-WAN you just need a default route via SD-WAN and SD-WAN does the rest for you.

So what do you want to route to where?

WAN1 NATted to the internet only? WAN2 used to access the two VLANs behind the other firewall?

AndreaDV
Author
New Member
May 14, 2024

WAN 1 is NATted and used in a dedicated LAN of the customer; WAN 2 is only used to access the two VLANs.

No redundancy or communication between the networks is needed; they are two distinct networks, one served by WAN1 while the other relies on the two VLANs.

sw2090
SuperUser
May 14, 2024

BTW: if you create the two VLAN interfaces on WAN2 with the correct VID and each has an IP out of the corresponding VLAN, you don't need static routes, because in this case there are connected routes coming with those interfaces. In that case only the other side would need to have a route back to you to be able to answer your requests.

AndreaDV
Author
New Member
May 14, 2024

OK thanks, I'll try it as soon as possible; for now I've configured them like this:

[image: aa.jpg]

sw2090
SuperUser
May 14, 2024

Yes, that's what I said. Two VLAN interfaces tied to WAN2, and both have an IP out of the corresponding VLAN.
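As an added example (not from this thread or any of its posters), this is the FortiOS CLI equivalent of the setup agreed on above: two VLAN subinterfaces on wan2 using the IDs 433 and 443 from the accepted answer, plus the firewall policy that lets the customer LAN reach them. The IP addresses, the "internal" source interface name and the choice to leave NAT off are assumptions, since the screenshots did not survive.

```fortios
# Added example, not the poster's configuration. Addresses are placeholders
# from the RFC 5737 documentation ranges; use an address inside each real VLAN.
config system interface
    edit "vlan433"
        set vdom "root"
        # parent physical port that carries the trunk from the other firewall
        set interface "wan2"
        # must match the tag the switch port sends for this VLAN
        set vlanid 433
        set ip 192.0.2.2 255.255.255.0
        # keep management services off these interfaces; ping only for checks
        set allowaccess ping
        set role lan
    next
    edit "vlan443"
        set vdom "root"
        set interface "wan2"
        set vlanid 443
        set ip 198.51.100.2 255.255.255.0
        set allowaccess ping
        set role lan
    next
end

# No static routes are needed: each VLAN interface brings a connected route
# for its own subnet. The firewall behind the trunk still needs a route back
# to the customer LAN, as noted in the thread.
config firewall policy
    edit 0
        set name "lan-to-trunk-vlans"
        # assumption: "internal" is the customer LAN port on the 60F
        set srcintf "internal"
        set dstintf "vlan433" "vlan443"
        # tighten "all" to the real LAN and VLAN subnets in production
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        # assumption: no NAT, so the far firewall sees the real source and can route back
        set nat disable
        set logtraffic all
    next
end
```

After applying it, `get router info routing-table connected` should list both VLAN subnets on their new interfaces; if either is missing, the VLAN ID does not match what the switch port is tagging.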