Separate WAN for different VLAN

Forum|Forum|1 year ago
January 17, 2025
2 replies
1884 views

We currently have two ISPs setup as an SD-WAN on a Fortigate 200 in an HA pair. We need to add a third ISP, but we do not want to make the third ISP a part of the SD-WAN. The third ISP will be used exclusively for a specific internal VLAN and a specific type of traffic.

That is, we need to direct a specific VLAN out the third ISP. The specific VLAN only should go out the "third WAN."

I found another forum post that seems to indicate that this is possible:

https://community.fortinet.com/t5/Support-Forum/Multiple-WANs-for-separate-LANs/m-p/95377#M95287

The VLAN is currently going out our SD-WAN.

If I have it correct that such a setup is possible, what are the steps?

1) Add ISP to the Fortigate.

a) Configure an available port with info for ISP.

2) Create a Firewall policy for VLAN to go out ISP #3.

3) Create a Policy Route to direct WAN traffic from the specific VLAN out ISP #3

Does this sound right? Any other considerations/concerns?

FortiGate

dingjerry_FTNT

Staff

Hi @peter-supply ,

I am not sure whether you have VDOM or not. Anyway, if 3 default routes are in the same place (VDOM, same routing table) , make sure that they have the same AD.

The rest of them seems good to me.

peter-supplyAuthor

New Member

We do not use VDOM. Do you have any recommendations as to how the Policy Route be setup? Thanks.

dingjerry_FTNT

Staff

Let's call the interface facing the VLAN "VLAN-Interface", the VLAN is called "VLAN-subnet".

The Source Interface is "VLAN-Interface";

The Destination interface is the interface connecting ISP#3;

Source address is "VLAN-subnet";

Destination address is all.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded