maimaq
New Member
February 2, 2019
Question

PPPoE backup as failover to specific VLANs only

  • February 2, 2019
  • 2 replies
  • 9310 views

Hi,

I have a FortiGate 200E connected to a Core Switch (HP Aruba 5406R). WAN1 is configured as the primary connection on the FortiGate for all VLAN traffic. Now I want to configure a PPPoE backup connection on WAN2 as a failover for only 2 specific VLANs, not all of them. Do I need to set up OSPF on both the HP switch and the FortiGate, or is there any other simple solution for this? I would really appreciate your help if someone has experience with this scenario. Thanks a lot in advance.

 

Regards,

Mohammad  

    2 replies

    lobstercreed
    New Member
    February 3, 2019

    You need to use policy routing to force traffic for all but those two VLANs to use WAN1.  Leave the two VLANs you want to fail over out of the policy route and they will follow whatever the routing table gives them.  (This assumes you're using a floating static default route or something for WAN2.)

    ahmedsf
    New Member
    February 3, 2019

    Absolutely right, as lobstercreed suggested: you need to create policy routes for the specific VLANs' traffic to go through WAN2. There is no need to create OSPF on either the switch or the FW.

     

    Regards,

    Syed

    Toshi_Esumi
    SuperUser
    February 3, 2019

    I think maimaq meant all internet traffic from all internal VLANs goes out to the internet via wan1 (including those 2 VLANs), and when wan1 goes down only internet traffic coming from those 2 VLANs fails over to wan2.

    Is this correct?

    If so, set proper policies toward wan1 and wan2 (limit the wan2 policy to only the two VLAN sources), and two static default routes (priority 0 [default] on wan1 and priority 10 [lower priority] on wan2), and then set a proper "link-monitor" (there are many discussions on the forum and FTNT on-line documents available) toward wan1 to remove the wan1 default route when it goes down. That would do it.
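As an added worked example of the design Toshi_Esumi describes (this is not from the thread or from Fortinet's documentation), here is how the two default routes, the wan1 link monitor and the source-restricted wan2 policy look in FortiOS CLI. Everything concrete is an assumption: wan1 is static 203.0.113.2/24 with gateway 203.0.113.1, the two critical VLANs are 10.10.10.0/24 and 10.10.20.0/24, all VLANs reach the FortiGate over the core-switch uplink "port1", 198.51.100.1 is a ping target reachable via wan1, and the syntax is FortiOS 6.x. No policy route is needed in this approach; the firewall policy on wan2 is what limits failover to the two VLANs.

```fortios
# Assumed, not from the thread: interface names, addresses, PPPoE credentials
# and the monitor target below are placeholders. FortiOS 6.x syntax.

config system interface
    edit "wan2"
        set mode pppoe
        set username "pppoe-user"        # placeholder credentials
        set password "pppoe-pass"
        set defaultgw disable            # the backup default route is added by hand below
    next
end

config firewall address
    edit "VLAN10-net"
        set subnet 10.10.10.0 255.255.255.0
    next
    edit "VLAN20-net"
        set subnet 10.10.20.0 255.255.255.0
    next
end

# Two default routes with the same distance so both stay in the routing table;
# priority 0 (wan1) is preferred over priority 10 (wan2) while both are present.
config router static
    edit 1
        set device "wan1"
        set gateway 203.0.113.1
        set distance 10
        set priority 0
    next
    edit 2
        set device "wan2"
        set dynamic-gateway enable       # gateway learned from the PPPoE session
        set distance 10
        set priority 10
    next
end

# Link monitor on wan1: when the target stops answering, the wan1 static route
# is withdrawn and the wan2 route becomes the only default.
config system link-monitor
    edit "wan1-monitor"
        set srcintf "wan1"
        set server "198.51.100.1"        # placeholder target, must be reached via wan1 only
        set protocol ping
        set gateway-ip 203.0.113.1
        set interval 5
        set failtime 3
        set recoverytime 5
        set update-static-route enable
    next
end

config firewall policy
    # All VLANs may use wan1.
    edit 1
        set name "all-vlans-to-wan1"
        set srcintf "port1"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
    # Only the two critical VLAN subnets may use wan2. Once the wan1 route is gone,
    # every other VLAN hits the implicit deny, which is the intended behaviour.
    edit 2
        set name "critical-vlans-to-wan2"
        set srcintf "port1"
        set dstintf "wan2"
        set srcaddr "VLAN10-net" "VLAN20-net"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```

Two things to check before calling it done: `get router info routing-table all` should show only the wan1 default while wan1 is healthy and only the wan2 default after the monitor trips (`diagnose sys link-monitor status` shows the monitor state), and when wan1 recovers, sessions already NATed out wan2 stay there until they expire unless `set snat-route-change enable` is set under `config system global`, which makes the FortiGate re-evaluate those sessions on a route change. Pick a monitor target that the FortiGate will not silently reach through wan2, otherwise a dead wan1 upstream may never be detected.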

    ahmedsf
    New Member
    February 3, 2019

    Of course, yes, he meant so. He must have a policy for all the VLANs (including the 2 VLANs) towards WAN1, and in case WAN1 goes down, the policy-based route will allow only the 2 VLANs in question to go out via WAN2. Indeed there is a need to create a link monitor (with priorities) which keeps checking the heartbeat and moves the traffic (from the specific VLANs) to WAN2 when WAN1 is down.

     

    Regards,

    Syed  

    maimaq (Author)
    New Member
    February 3, 2019

    Thank you so much @lobstercreed, @Toshi and @ahmedsf for your quick response. And thanks Toshi for the clarification, you absolutely got my point, that's how I want it. The reason we want to direct traffic from only two VLANs is that they are critical and wan2 is 9 Mbps (low speed).

    I watched a Fortinet video on failover to a backup connection exactly the way you guys explained ("setting 2 default routes with link-monitor"), but I was not sure whether, when the primary connection goes down, only limited VLANs' traffic could be directed to wan2 using a policy.

    I am waiting for my client confirmation to schedule a downtime to implement this. Will keep you posted if this worked or not. Thanks a lot and have a great day/night :)