Routing issues with vdoms and dual ISPs
Hello,
I am having issues in getting this dual-ISP set up to work with vdoms.
There are currently two vdoms in the virtual FortiGate, root & vdom-1.
Each vdom has a separate ISP with different IP-ranges.
Traffic through ISP1 is directly NAT:ed through VIP described and default route is pointed towards ISP1.
My issues are that when people connect on the VIP that is on ISP2 all traffic seems to route from server out on ISP1 because of default route.
Is it possible to have a setup like this and utilize both ISPs to connect to the local server 172.0.10.17?
This time around we need to source NAT everything coming in on ISP2 to the vlink-interface 10.0.0.1 for the traffic to return to ISP2.
However this is not a valid solution as we need to see original-source IP logged on the server etc.
It seems like the TCP-sessions don't return the traffic from its original source when we do not use source NAT.
Is there any way to solve this problem and to use both ISPs communication with the local server?
Hi Team,
Can you share this output:
get router info routing-table details 8.8.8.8
When the packet comes from VIP2 to root VDOM without NAT, traffic should get dropped at root vdom because of reverse path check fail, as you have only active route towards ISP1.
But you mentioned packet reply is going towards ISP1? It should not happen.
The solution I can think of at this point is to create a default route towards 10.0.0.1 with high priority, so reply traffic will take that route.
At the same time, your LAN to WAN traffic will prefer the existing ISP1 as it has less priority.
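The reverse path check and the priority-based default route discussed in this thread, as an added example that is not part of either post and is not vendor code. It is a simplified model covering default routes only; the interface names `isp1` and `vlink`, the distance and priority numbers, and the rule that a reply leaves through the session's ingress interface are assumptions of the model.

```python
# Simplified model of route selection and the reverse path check in the root vdom.
# Added illustration, not FortiOS code; interface names and numbers are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    device: str    # outgoing interface (hypothetical names)
    distance: int  # lower wins; routes that lose on distance are not installed
    priority: int  # tie-break among equal-distance routes; lower value is preferred

def active_routes(routes):
    """Only the routes sharing the lowest distance are installed in the table."""
    best = min(r.distance for r in routes)
    return [r for r in routes if r.distance == best]

def rpf_ok(routes, ingress):
    """Reverse path check: some installed route back to the source uses the ingress interface."""
    return any(r.device == ingress for r in active_routes(routes))

def egress_new(routes):
    """New LAN-to-WAN session: the installed route with the lowest priority value wins."""
    return min(active_routes(routes), key=lambda r: r.priority).device

def egress_reply(routes, ingress):
    """Reply of a session that arrived on `ingress` (model assumption: it leaves
    the same way if the reverse path check passed, otherwise it is dropped)."""
    return ingress if rpf_ok(routes, ingress) else None

# Three constructed default-route sets for the root vdom.
ONLY_ISP1 = [Route("isp1", 10, 1)]
HIGHER_DISTANCE = [Route("isp1", 10, 1), Route("vlink", 20, 1)]
SAME_DISTANCE = [Route("isp1", 10, 1), Route("vlink", 10, 10)]

if __name__ == "__main__":
    for name, table in [("only ISP1", ONLY_ISP1),
                        ("vlink with higher distance", HIGHER_DISTANCE),
                        ("vlink with same distance, higher priority value", SAME_DISTANCE)]:
        print(f"{name}: RPF for traffic from vlink = {rpf_ok(table, 'vlink')}, "
              f"reply egress = {egress_reply(table, 'vlink')}, "
              f"new outbound egress = {egress_new(table)}")
```

In this model the second default route must share the distance of the ISP1 route and differ only in priority; with a higher distance it is not installed and the reverse path check still fails.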
