reverien
New Member
May 15, 2025
Solved

Two WANs for different purposes

Hi all, I have a FortiGate 1100E and need to set up two WANs.

I need WAN1 to handle internet for users and WAN2 to handle the traffic for applications that are accessible from the internet.

The problem is that the users and applications are all in the same LAN and the default route in the FortiGate goes to WAN1.

How can I force the replies to traffic that came from WAN2 to the LAN (application data) to not use the default route that goes to WAN1, and use the WAN2 path?

Best answer by Toshi_Esumi

3 replies

Toshi_Esumi
SuperUser
May 15, 2025

Based on your description, I assume you don't use SD-WAN. If SD-WAN, it should have been taken care of by the original setting, having a default route to all wan interfaces.
A simple fix without implementing SD-WAN is to put in place a static default route to wan2 with a higher "priority" number (lower priority) but with the same admin distance as the primary default route. This would let the return packets for the sessions initiated by the incoming access go to wan2, while all in-to-out sessions initiated by internal devices/applications go out through wan1.

Toshi

reverien
Author
New Member
May 15, 2025

Thank you Toshi_Esumi for your reply. I have already applied that solution, but the replies to the incoming traffic via WAN2 are still blocked. Is there any other option to implement this?

Toshi_Esumi
SuperUser
May 15, 2025

Please share with us the first part of the output of "get router info routing-t all", like below.

 

fg40f-utm (root) # get router info routing-t all
*** snip ***

Routing table for VRF=0
S* 0.0.0.0/0 [1/0] via x.x.x.x, a, [1/254]
                    [1/0] via XXXXviaYYYY tunnel y.y.y.y, [1/253]
                    [1/0] via z.z.z.z, ppp3, [100/255]

 

Toshi
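
The check that the routing-table output requested above makes possible, written as an added example (not code from any poster in this thread): it parses the default-route entries and reports whether a default route via the second WAN is actually installed and carries a higher priority number than the primary. The sample output is constructed, the interface names `wan1`/`wan2` and the documentation IP addresses are assumptions, and the parser assumes the first bracket on each next-hop line is distance/metric and the trailing bracket is priority/weight.

```python
import re

# Constructed samples of "get router info routing-table all" output.
SAMPLE_OK = """\
Routing table for VRF=0
S*      0.0.0.0/0 [10/0] via 198.51.100.1, wan1, [1/0]
                  [10/0] via 203.0.113.1, wan2, [10/0]
C       192.168.1.0/24 is directly connected, lan
"""
SAMPLE_MISSING = """\
Routing table for VRF=0
S*      0.0.0.0/0 [10/0] via 198.51.100.1, wan1, [1/0]
C       192.168.1.0/24 is directly connected, lan
"""

PREFIX = re.compile(r"^\S+\s+(\d+\.\d+\.\d+\.\d+/\d+)")
# Assumed layout: [distance/metric] via <gateway>, <device>, [priority/weight]
HOP = re.compile(r"\[(\d+)/\d+\]\s+via\s+(\S+),\s+(\S+?),\s+\[(\d+)/\d+\]")

def default_route_hops(output):
    """Return {device: {distance, priority, gateway}} for 0.0.0.0/0 next hops."""
    hops, in_default = {}, False
    for line in output.splitlines():
        start = PREFIX.match(line)
        if start:                          # a new prefix begins on this line
            in_default = start.group(1) == "0.0.0.0/0"
        elif not line.startswith(" "):     # header or blank line ends the entry
            in_default = False
        hop = HOP.search(line) if in_default else None
        if hop:
            dist, gw, dev, prio = hop.groups()
            hops[dev] = {"distance": int(dist), "priority": int(prio), "gateway": gw}
    return hops

def check_return_path(output, primary="wan1", secondary="wan2"):
    """Report whether the secondary default route is installed as a backup path."""
    hops = default_route_hops(output)
    for dev in (primary, secondary):
        if dev not in hops:
            return f"no default route via {dev} in the routing table"
    if hops[secondary]["priority"] <= hops[primary]["priority"]:
        return f"{secondary} priority number is not higher than {primary}"
    return "ok"

if __name__ == "__main__":
    print(check_return_path(SAMPLE_OK))
    print(check_return_path(SAMPLE_MISSING))
```

A default route that is configured but absent from this output was not installed, which is the first thing to rule out when the priority-based setup appears not to work.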