Skip to main content
shahruddin
shahruddin
New Member
April 25, 2018
Question

How to set default internet line

  • April 25, 2018
  • 2 replies
  • 12029 views

I have 2 internet line that use dedicated IP address connect to the fortigate 600C.

As  default when user using internet it will use A internet line, how to change B internet as default.

I found similar topic (https://forum.fortinet.com/tm.aspx?m=55676) while creating this post but I did not understand what the thread is talking about.

 

Please help to guide how to do it because I really new and don`t have any idea how to do it.

 

Thanks.

    2 replies

    Bubu
    Bubu
    New Member
    April 25, 2018

    Hi,

    Simply create a second static route for line B with a distance and priority lower than the route of line A. Then create a policy to allow internal traffic to the secondary WAN.

    This procedure allows you to define your default B line. If you want to load balance or other, you will need to make other changes.

    BR

    Bubu

    Toshi_Esumi
    SuperUser
    Toshi_Esumi
    SuperUser
    April 25, 2018

    I'm assuming a policy or a set of policies is allowing internet access via both interfaces. Then it's about the default route both interfaces have. Currently a default route toward A internet line is wining. Then do you have two static default routes configured in different costs? Or FG600C is pulling DHCP/pppoe default routes from both internet circuits but different distances are set in interface config?

    Check interface config with in CLI:

        config sys int

            show

    then if it's not pulling, check static routes

        config router static

            show

     

    You need to flip the config between A side and B side whatever you have now.

    shahruddin
    shahruddinAuthor
    New Member
    April 26, 2018

    Hi Bubu, I have tested your method and manage to change B line as default but however after that our 3 branches the tunneling to HQ is down, Others 3 is ok.

     

    what I do was login to fortigate --> router --> static routes --> edit static routes B line (Distance = 3 Priority = 3)

     

    Why other 3 branches down ? Is there any settings that I miss?

    ===========================================================================

    Hi Toshi

    * I'm assuming a policy or a set of policies is allowing internet access via both interfaces - Yes

    * Below part I not sure and tried your suggestion to check via CLI and there is lot of info and I`m lost while looking for the right info

     

    Currently a default route toward A internet line is wining. Then do you have two static default routes configured in different costs? Or FG600C is pulling DHCP/pppoe default routes from both internet circuits but different distances are set in interface config?

    Bubu
    Bubu
    New Member
    April 26, 2018

    shahruddin wrote:

    Hi Bubu, I have tested your method and manage to change B line as default but however after that our 3 branches the tunneling to HQ is down, Others 3 is ok.

     

    what I do was login to fortigate --> router --> static routes --> edit static routes B line (Distance = 3 Priority = 3)

     

    Why other 3 branches down ? Is there any settings that I miss?

    Regarding VPN tunnels, what do you have as configuration "policy based or route based"? Can you please forward us all active routes?

    get router info routing-table all

     

    Thanks

    Bubu

    Terms & ConditionsAccessibility statement