FortiGate
nageentaj
Staff
Description This article describes how to configure policy routes with multiple ISPs.
Scope All FortiGate models.
Solution

The following setup has two LANs (LAN1 and LAN2) and two WAN links (WAN1 and WAN2). The configuration routes all LAN1 traffic towards WAN1 and all LAN2 traffic towards WAN2, while still allowing communication between LAN1 and LAN2 in both directions.

 

Network diagram:

(LAN1)10.32.5.0/24<->port7<->FortiGate firewall<->(WAN1)Port1

(LAN2)10.33.5.0/24<->port3<->FortiGate firewall<->(WAN2)Port2

 

In this scenario:

Create four policy routes as shown below.

 

Route configuration:

Create two policy routes for the specific destinations between LAN1 and LAN2, as shown in Step1 and Step2.

 

Explanation:


The configured policy routes are evaluated from top to bottom. If traffic matches the first route, it is not checked against the routes below it.

 

nageentaj_0-1651238044435.png

 

As the above image shows, traffic going from LAN1 to LAN2 matches route 1, and traffic going from LAN2 to LAN1 matches route 2.

 

Route 3 forwards traffic via WAN1 when the source is LAN1 and the destination is, for example, 8.8.8.8: this traffic does not match the first two routes, so it hits the third route.

 

Route 4 forwards traffic via WAN2 when the source is LAN2 and the destination is, for example, 8.8.8.8: this traffic does not match the first three routes, so it hits the fourth route.
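The top-to-bottom precedence described above can be checked with a small model. This is an added example, not part of the original article and not FortiOS code: it assumes a route matches on incoming interface, source subnet and destination subnet only, and the route names, host addresses and the misordered table are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class PolicyRoute(NamedTuple):
    name: str
    in_if: str   # incoming interface
    src: str     # source subnet
    dst: str     # destination subnet
    out_if: str  # outgoing interface

LAN1, LAN2, ANY = "10.32.5.0/24", "10.33.5.0/24", "0.0.0.0/0"

# The article's four routes, in the article's order (Port1 = WAN1, Port2 = WAN2).
ARTICLE_ORDER = [
    PolicyRoute("route1", "port7", LAN1, LAN2, "port3"),
    PolicyRoute("route2", "port3", LAN2, LAN1, "port7"),
    PolicyRoute("route3", "port7", LAN1, ANY, "Port1"),
    PolicyRoute("route4", "port3", LAN2, ANY, "Port2"),
]
# Constructed misordering: the catch-all WAN routes moved above the LAN routes.
MISORDERED = ARTICLE_ORDER[2:] + ARTICLE_ORDER[:2]

def first_match(routes, in_if, src_ip, dst_ip) -> Optional[PolicyRoute]:
    """Return the first route, top to bottom, that matches the packet."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in routes:
        in_src = src in ipaddress.ip_network(r.src)
        if r.in_if == in_if and in_src and dst in ipaddress.ip_network(r.dst):
            return r
    return None  # no policy route matched

def shadowed(routes):
    """Routes that can never match: an earlier route covers them entirely."""
    net = ipaddress.ip_network
    hidden = []
    for i, r in enumerate(routes):
        for e in routes[:i]:
            if (e.in_if == r.in_if and net(r.src).subnet_of(net(e.src))
                    and net(r.dst).subnet_of(net(e.dst))):
                hidden.append(r.name)
                break
    return hidden

if __name__ == "__main__":
    for label, table in (("article order", ARTICLE_ORDER), ("misordered", MISORDERED)):
        hit = first_match(table, "port7", "10.32.5.10", "10.33.5.20")
        print(f"{label}: LAN1->LAN2 exits {hit.out_if}, shadowed={shadowed(table)}")
```

With the WAN routes on top, LAN1-to-LAN2 traffic would leave via WAN1 instead of port3, which is why the specific inter-LAN routes must stay above the catch-all routes.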

 

Step1-> Create a policy route for incoming interface port7 from LAN1 going to LAN2 via outgoing interface port3.

 

nageentaj_1-1651238080010.png

 

Step2-> Create another policy route for incoming interface port3 from LAN2 going to LAN1 via outgoing interface port7.

 

nageentaj_2-1651238094164.png

 

Step3-> Create a policy route for routing LAN1 traffic towards WAN1 as shown below.

 

nageentaj_3-1651238107498.png

 

Step4-> Create a policy route for routing LAN2 traffic towards WAN2 as shown below.

 

nageentaj_4-1651238129616.png

 

Create the firewall policies. Two firewall policies are required, as shown in the image below.

 

nageentaj_5-1651238152986.png

 

Explanation:

 

As per the above image, the first policy allows traffic to the specific destinations between LAN1 and LAN2.

The second policy allows traffic from a specific source to any destination via a specific WAN interface.

 

The images below show the details.

 

nageentaj_6-1651238197851.png

 

Step1-> The policy below allows communication between LAN1 and LAN2 and vice versa.

 

nageentaj_7-1651238254765.png

 

Step2-> The policy below allows LAN1 traffic to route via WAN1 and LAN2 traffic to route via WAN2.

 

nageentaj_9-1651238283316.png


