hoyty
New Member
November 4, 2016
Solved

WAN Link Load Balancing vs. policy Source Address question?


I am prepping a new FortiGate 240 running 5.2.9 to be installed. I have two WAN links. One is primary incoming with public IP and outgoing web. The second is mostly for VoIP and redundancy. I set up a WLLB with the two interfaces. I am now trying to set up policies. I have 1-2 rules that I want to do source (IP / domain) filtering on with Virtual IP NAT to internal server from WAN1. In the address object setup you cannot choose interface wan-load-balance, only wan1 / wan2 or any. I know the traffic will come in WAN1 since that is where the public IP is. Then when I create the policy I must choose an incoming interface of wan-load-balance since wan1 / wan2 aren't available in the drop-down. When I do this, however, it removes the address I created for wan1 from the drop-down list of source addresses.

Since I am using WLLB with the two WAN interfaces, do I need to choose any as the interface for the address object? Is there something I am missing here?

I just want to make sure I am load balancing outgoing traffic while maintaining correct policy routing for public IP -> Internal IP server.

Thanks.

Fullmoon (Answer)
New Member
November 5, 2016

Technically, if you enabled WAN LLB, once you create a rule/policy from internal to internet you can't choose either WAN1 or WAN2; it's always internal to WAN LLB. The same applies if you create a rule/policy for incoming traffic where you have Virtual IP enabled: WAN LLB to internal.

Now if you wish some of your internal computer/s to utilize WAN1 or WAN2, then you can use a Policy Based Route (PBR) rule.

hoyty (Author)
New Member
November 7, 2016

Thanks for the reply. I ended up setting the objects to any rather than WAN1 and that seems to have worked. It just wasn't logical to me since I know inbound traffic to servers will only be on WAN1 due to IP address in DNS.