comas17
New Member
October 26, 2015
Solved

Route traffic to wan1 and wan2 based on the destination address


Hi all,

In our office (a branch office) we have a FortiGate 60C and we are currently connected to only one ISP. The FGT-60C configuration is quite simple: all internal traffic goes to wan1. There is also a static VPN configured with our headquarters, so we also have a couple of static routes and some policies to route VoIP traffic to our switchboard (located at headquarters) and also traffic to our internal network located at our headquarters.

Now in the branch office we want to add another ISP connection; it will be PPPoE and it will be connected to wan2.

We want to configure it this way:

 - Internal traffic going to the web (all external addresses) goes through wan2 (the new connection)
 - Internal traffic going to headquarters goes to the VPN configured on wan1

What do I need to configure? Do I need to configure a new policy "internal - wan2" (all - all - accept) and disable the current one "internal - wan1"? I suppose I will also need to change/add the current static routes; how?

Thank you
Corrado

    Best answer by gschmitt

    comas17 wrote:

    Create a new policy route going to your HQ network from destination interface internal and set it to Stop Policy Routing

    Create a new policy route going to 0.0.0.0/0.0.0.0 with destination interface internal and set it to wan2

     

    Make sure Advanced Routing is enabled in the Features

     

    Go to Router > Static > Policy Routes and select Create New

    Protocol ANY

    Incoming Interface internal (where your clients are located)

    Source address / Mask: The network of your clients (like 192.168.1.0/24)

    Destination address / mask: your HQ network (like 10.1.1.0/24)

    Action Stop Policy Routing

     

    This basically tells the FortiGate that, if the above conditions are matched, to drop back to your static routes

     

    Now create a new policy route same as above but:

    Destination address / mask: 0.0.0.0/0.0.0.0

    Action: Forward Traffic

    Outgoing Interface: wan2

    Gateway Address: your ISP Gateway (this should be listed on the info your ISP gave you)
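
The two policy routes described in the answer above can be checked offline with a small model before touching the firewall. This is an added example, not part of the original post and not Fortinet code: it assumes policy routes are evaluated top-down with the first match winning, that the existing static routes send the HQ network to a tunnel interface (hypothetically named `vpn-hq`) and the default route to wan1, and it uses constructed addresses. It shows why the Stop Policy Routing entry must sit above the 0.0.0.0/0 entry: in the reverse order, HQ-bound traffic leaves through wan2 instead of the VPN.

```python
import ipaddress

# Constructed sample values: LAN and HQ follow the "like ..." examples in the
# answer; "vpn-hq" is a hypothetical tunnel interface name.
LAN = "192.168.1.0/24"
HQ = "10.1.1.0/24"

# Policy routes in the order the answer creates them (assumed: first match wins).
POLICY_ROUTES = [
    {"in": "internal", "src": LAN, "dst": HQ, "action": "stop"},
    {"in": "internal", "src": LAN, "dst": "0.0.0.0/0", "action": "forward", "out": "wan2"},
]

# Static routes that stay in place (assumed): HQ via the VPN, default via wan1.
STATIC_ROUTES = [(HQ, "vpn-hq"), ("0.0.0.0/0", "wan1")]


def static_lookup(dst, routes=STATIC_ROUTES):
    """Longest-prefix match over the static routing table."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), dev) for net, dev in routes
            if addr in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def egress(in_if, src, dst, policies=POLICY_ROUTES):
    """Return the outgoing interface chosen for one packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in policies:
        if (p["in"] == in_if and s in ipaddress.ip_network(p["src"])
                and d in ipaddress.ip_network(p["dst"])):
            if p["action"] == "forward":
                return p["out"]
            break  # "stop": leave policy routing and use the static routes
    return static_lookup(dst)


def leaks(policies):
    """Constructed HQ hosts whose traffic would not leave through the tunnel."""
    probes = ["10.1.1.10", "10.1.1.200"]
    return [d for d in probes
            if egress("internal", "192.168.1.50", d, policies) != "vpn-hq"]


if __name__ == "__main__":
    print(egress("internal", "192.168.1.50", "10.1.1.10"))     # HQ host
    print(egress("internal", "192.168.1.50", "203.0.113.10"))  # internet host
    print(leaks(list(reversed(POLICY_ROUTES))))                # wrong order
```
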

    1 reply

    gschmitt
    New Member
    October 27, 2015

    Keep the old routes in place

    Create a new policy internal to wan2 as you said

    Create a new policy route going to your HQ network from destination interface internal and set it to Stop Policy Routing

    Create a new policy route going to 0.0.0.0/0.0.0.0 with destination interface internal and set it to wan2

    comas17 (Author)
    New Member
    October 27, 2015

    Thank you

    I cannot find how to configure this "Stop Policy Routing". I searched on the kb and I found this

    http://kb.fortinet.com/kb/documentLink.do?externalID=FD35136

    but I do not have these options on my FGT-60C (firmware is 5.2.1)

    Thank you

    gschmitt
    New Member
    October 27, 2015

    comas17 wrote:

    I cannot find how to configure this "Stop Policy Routing". I searched on the kb and I found this

    http://kb.fortinet.com/kb/documentLink.do?externalID=FD35136

    but I do not have these options on my FGT-60C (firmware is 5.2.1)

    Thank you

    Interesting? The very article you linked says "added in 5.2." so you should have it...

     

    In that case just set it to your tunnel interface