Skip to main content
abdulasaad
abdulasaad
New Member
October 30, 2019
Solved

How to Direct Specific Traffic to Specific WAN ?

  • October 30, 2019
  • 2 replies
  • 5619 views

Dears , 

i have 3 internet sources in 3 WANs ... i need to direct the traffic of specific URL to a Specific WAN , is it possible ? 

 

Thanks in advance :) 

    Best answer by tioeudes

    Hello!

     

    You can set up different static routes for each speciffic traffic and set the gateway (wan) you want for each speciffic traffic.

     

    You can use sdwan for that too. Actually i would recommend using sd-wan rules.

     

     

    Best regards,

    tioeudes

    2 replies

    tioeudes
    tioeudesAnswer
    New Member
    October 30, 2019

    Hello!

     

    You can set up different static routes for each speciffic traffic and set the gateway (wan) you want for each speciffic traffic.

     

    You can use sdwan for that too. Actually i would recommend using sd-wan rules.

     

     

    Best regards,

    tioeudes

    Toshi_Esumi
    SuperUser
    Toshi_Esumi
    SuperUser
    October 30, 2019

    I'm assuming you have three default routes to all wan interfaces. Then policies would decide which wan to go if you specify individual wan for some specific traffic. But they wouldn't failover.

    SD-WAN works almost in the same manner. Those wans are aggregated to "SD-WAN" interface. FGT set all static defaultroutes to all members. Then you'll specify which goes which with SD-WAN rules (CLI: config sys virtual-wan-link->config service). It has built-in failover mechanism you can configure (involving more consideration & configuration). That's why virtually everybody says "go to SD-WAN" in a situation like yours. 

    Be careful if you have site-to-site vpns over one of those interfaces. It requires even more consideration & configuration, which I'm currently struggling with.

     

    CHR57
    CHR57
    Explorer II
    October 31, 2019

    "Be careful if you have site-to-site vpns over one of those interfaces. It requires even more consideration & configuration, which I'm currently struggling with."

     

    Can you have an IPSEC over SD-WAN?

    Toshi_Esumi
    SuperUser
    Toshi_Esumi
    SuperUser
    October 31, 2019

    Probably out of OP's topic and should have a separate thread.

    As I said "struggling" I'm still experimenting. VPN itself, either IPSec (site-to-site) or inbound SSL VPN, can still specify an individual interface, not SD-WAN (or virtual-wan-link). But you can't do the same with static routes. So it comes up and working as long as route is there to reach the other end. But I need to make sure the tunnel is not steered away by SD-WAN to another member interface with a rule in case of a static IPSec VPN. ...Or not. Still testing.

    By any means I'm not an expert of FGT SD-WAN yet. Start a new thread. I haven't seen this topic before.

    Terms & ConditionsAccessibility statement