Two Internet connections, can't get a VIP on the second one to work

Forum|Forum|9 years ago
March 2, 2017
1 reply
4863 views

This seems like it would be so simple, but I've been trying all week to get a VIP from the static pool on our second ISP connection to work.

Yesterday I broke out the diagnose debug flow filter and started looking at traffic sent to the VIP. I'm getting "reverse path check fail, drop"

So it looks like the Fortigate is getting traffic on the VIP on the second ISP connection, then trying to route it back out our primary ISP. I guess that makes sense, as the default route is set to the primary. So Reverse Path Forwarding must be dropping the packets.

But what do I need to do to get this working? Get a default route to the secondary ISP in the routing table?

5.2

rwpatterson

New Member

I recall a thread on this or a similar subject less than two weeks ago. Something to do with a global setting for VIP NATting the outbound address... Take a deep dig through the forums, maybe under routing.

treeborgAuthor

New Member

Oh boy, yep, it was right there a few down from mine: https://forum.fortinet.com/tm.aspx?m=80552

I searched, I swear!

All I had to do was create another default route to the second ISP gateway, same administrative distance, but gave it a priority of 100 under advanced options.

Now the route is in the routing table, and the VIP works!

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded