ITGuy87765
New Member
November 7, 2019
Question

Routing and Dual WAN


Hi All,

I've recently hooked up a second internet connection with the intention of testing routing all our offsite backup traffic to it. I've gone round in circles for a couple of days and had some input from a local FortiGate engineer but have yet to have success. The only way I've had any result is specifying an entire subnet, which isn't what I'm after.

This person seems to have had the exact same issue: https://forum.fortinet.com/tm.aspx?m=149904

I would like to specify 1 address from within a subnet and have specific traffic from that server routed through the second WAN connection. Surely there's a way?

Edit ** I should mention this is on a pair of 60E's in HA running v6.0.5 build0268 (GA) **

Thanks in advance

    1 reply

    Toshi_Esumi
    SuperUser
    November 7, 2019

    I thought I replied to this post already but somehow it doesn't show up.

    The thread you're referring to was for FQDN destination over WAN LLB setup. WAN LLB is now SD-WAN. Are you trying to specify one FQDN destination to go through the added circuit? Then you just need to create an FQDN address object and use it in an SD-WAN rule to use only the circuit.

    ITGuy87765
    New Member
    November 7, 2019

    Hey, thanks for the reply.

    Yes, I'm trying to specify one FQDN destination to go through the new circuit. I think the thing I'm missing here is SD-WAN, I was hoping to avoid using it as I would have to redefine a portion of my couple hundred policies already in place. More work than I would like for a testing project. PBR routing looked like such a simple solution but I guess that is not the case.

    Toshi_Esumi
    SuperUser
    November 7, 2019

    PBR is a static route with conditions. FQDN is not allowed (I guess it's because it's NOT static) in static routes.

    Although I haven't tried it myself, as long as you set the same default routes to both wan interfaces, then set the first policy for the FQDN dst to the second wan, and the second policy for "all" destinations to the original interface, I think it would work as you intend.

    Try it to see if it works. If not, you can always go to SD-WAN.