Created on 04-29-2022 07:07 AM
Edited on 06-24-2025 05:43 AM
By Stephen_G
Description: This article describes how to configure policy routes with multiple ISPs.
Scope: FortiGate.
Solution:
The following setup has two LANs (LAN1 and LAN2) and two WANs (WAN1 and WAN2). The configuration shows how to route all LAN1 traffic towards WAN1 and LAN2 traffic towards WAN2, while also allowing communication between LAN1 and LAN2 and vice versa.
Network diagram: (LAN1)10.32.5.0/24<->port7<->FortiGate firewall<->(WAN1)Port1. (LAN2)10.33.5.0/24<->port3<->FortiGate firewall<->(WAN2)Port2.
In this scenario: Create four policy routes as shown below.
Route configuration: Create two policy routes for specific destinations between (LAN1 & LAN2) as shown in steps 1 and 2.
Explanation: The configured policy routes are evaluated from top to bottom. If the traffic matches the first route, it will not be checked against the following routes.
As the above image shows, traffic going from LAN1 to LAN2 will match the first route, and traffic going from LAN2 to LAN1 will match route 2.
Route 3 will forward the traffic via WAN1 if the source is in LAN1 and the destination is, for example, 8.8.8.8: the traffic will not match the first two routes, so it will hit the third route.
Route 4 will forward the traffic via WAN2 if the source is in LAN2 and the destination is, for example, 8.8.8.8: the traffic will not match the first three routes, so it will hit the fourth route.
Step 1: Create a policy route for the incoming interface port7 from LAN1 going to LAN2 via the outgoing interface port3.
Step 2: Create another policy route for the incoming interface port3 from LAN2 going to LAN1 via the outgoing interface port7.
Step 3: Create a policy route for routing LAN1 traffic towards WAN1 as shown below.
Step 4: Create a policy route for routing LAN2 traffic towards WAN2 as shown below.
Example configuration in the CLI:
config router policy
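The top-to-bottom matching described above for routes 1 to 4, modelled as an added Python example (not Fortinet code and not FortiOS's actual implementation). The host addresses and the misordered table are constructed, and `match` and `shadowed` are hypothetical helper names.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class PolicyRoute(NamedTuple):
    seq: int
    in_if: str
    src: str
    dst: str
    out_if: str

# Interfaces and subnets are from the article; route order follows steps 1-4.
LAN1, LAN2, ANY = "10.32.5.0/24", "10.33.5.0/24", "0.0.0.0/0"
ROUTES = [
    PolicyRoute(1, "port7", LAN1, LAN2, "port3"),  # LAN1 -> LAN2
    PolicyRoute(2, "port3", LAN2, LAN1, "port7"),  # LAN2 -> LAN1
    PolicyRoute(3, "port7", LAN1, ANY, "port1"),   # LAN1 -> WAN1
    PolicyRoute(4, "port3", LAN2, ANY, "port2"),   # LAN2 -> WAN2
]
# Constructed misordering: catch-all WAN routes placed above the inter-LAN routes.
MISORDERED = [ROUTES[2], ROUTES[3], ROUTES[0], ROUTES[1]]

def match(routes, in_if, src, dst) -> Optional[PolicyRoute]:
    """Return the first route (top to bottom) that matches the packet, else None."""
    s, d = ip_address(src), ip_address(dst)
    for r in routes:
        if r.in_if == in_if and s in ip_network(r.src) and d in ip_network(r.dst):
            return r
    return None

def shadowed(routes):
    """Return (earlier_seq, later_seq) pairs where the later route can never match."""
    pairs = []
    for i, late in enumerate(routes):
        for early in routes[:i]:
            if (early.in_if == late.in_if
                    and ip_network(late.src).subnet_of(ip_network(early.src))
                    and ip_network(late.dst).subnet_of(ip_network(early.dst))):
                pairs.append((early.seq, late.seq))
    return pairs

if __name__ == "__main__":
    for in_if, src, dst in [("port7", "10.32.5.10", "10.33.5.20"),
                            ("port3", "10.33.5.20", "10.32.5.10"),
                            ("port7", "10.32.5.10", "8.8.8.8"),
                            ("port3", "10.33.5.20", "8.8.8.8")]:
        r = match(ROUTES, in_if, src, dst)
        print(f"{src} -> {dst}: route {r.seq} via {r.out_if}")
    print("shadowed when misordered:", shadowed(MISORDERED))
```

With the catch-all routes on top, LAN1-to-LAN2 traffic is sent out port1 instead of port3, which is why the specific inter-LAN routes come first.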
Create a Firewall policy. Two firewall policies are required. The image below shows the same.
Explanation: As per the above image, the first policy is to route the traffic to the specific destination between LAN1 and LAN2. The second policy explains how to route traffic to any destination via a specific WAN interface coming from a specific source.
The images below show the details.
Step 1: The policy below allows communication between LAN1 and LAN2 and vice versa.
Step 2: The policy below covers LAN1 traffic routed via WAN1 and LAN2 traffic routed via WAN2.
Example configuration in the CLI:
config firewall policy edit 0
Check the routing table using this command: get router info routing-table all
Related articles: Technical Tip: Using Policy routes to make two or more LAN subnets use different WAN links