Skip to main content
A
Anonymous_User
Contributor
July 22, 2004
Question

Multiple Gateways

  • July 22, 2004
  • 23 replies
  • 18117 views
We have just upgraded to Version 2.8 of the Fortigate OS. We used to be able to have 2 gateways setup per static route as we have both a leased line and ADSL connection running at the same time. This feature no longer seems to be available, as we would like to do source routing and our web browsing traffic out our ADSL line. Can this still be done?

    23 replies

    UkWizard
    UkWizard
    New Member
    July 23, 2004
    Yes it can be done, in this version you can do it within the gui now. Have a look at the ROUTER-->POLICY menu section. Then just create a policy to say web traffic use this default gateway.
    A
    Anonymous_UserAuthor
    Contributor
    July 23, 2004
    We' ve tried this but when you do a tracert it goes to the firewall then to our ADSL Router then stops. Its as if the traffic goes out but can' t get back.
    UkWizard
    UkWizard
    New Member
    July 23, 2004
    Make sure you have a policy rule that performs Nat, as it sounds like it isnt. if you are confident this isnt the case, try sniffing the traffic from the command line and see whether it is performing nat.
    A
    Anonymous_UserAuthor
    Contributor
    July 23, 2004
    We' ve checked the rules and it NAT is checked. Is there any way of testing that its performing NAT?
    UkWizard
    UkWizard
    New Member
    July 23, 2004
    Connect to the CLI and sniff the traffic on the external interface for http traffic, like so; diag sniff sniff external ' tcp 80' source should be the external IP of the corresponding connection.
    A
    Anonymous_UserAuthor
    Contributor
    July 23, 2004
    I' ve run the sniffer and firewall appears to be doing NAT
    UkWizard
    UkWizard
    New Member
    July 23, 2004
    Are you 100% confident that the ADSL is actually up and working ?
    A
    Anonymous_UserAuthor
    Contributor
    July 23, 2004
    We thought that might be the case but you can tracert to it using and external tracert service. As we have just moved Leased Line providers we still have our old one working so I thought I would try it using that line, but we still get the same thing. You see the traffic going out, the response coming back but no website.
    UkWizard
    UkWizard
    New Member
    July 23, 2004
    whats the outbound rules configuration ?
    A
    Anonymous_UserAuthor
    Contributor
    July 23, 2004
    This is our setup. Internal = Internal Network DMZ = DMZ External = External Leased Line Port1 = ADSL Connection Internal -> Port1 Internal_All -> Port1 Always, Any Service, Accept, NAT
    Show more replies
    Terms & ConditionsAccessibility statement