Description | This article describes how to configure policy routes with multiple ISPs. |
Scope | FortiGate |
Solution |
The following setup has two LANs (LAN1 and LAN2) and two WAN links (WAN1 and WAN2). The configuration routes all LAN1 traffic towards WAN1 and all LAN2 traffic towards WAN2, while still allowing communication between LAN1 and LAN2 in both directions.
Network diagram:
(LAN1) 10.32.5.0/24 <-> port7 <-> FortiGate firewall <-> (WAN1) port1
(LAN2) 10.33.5.0/24 <-> port3 <-> FortiGate firewall <-> (WAN2) port2
In this scenario, create four policy routes as shown below.
Route configuration: Create two policy routes for the specific destinations between LAN1 and LAN2, as shown in Step 1 and Step 2.
Explanation:
As the above image shows, traffic going from LAN1 to LAN2 matches route 1, and traffic going from LAN2 to LAN1 matches route 2.
Route 3 forwards traffic via WAN1 when the source is LAN1 and the destination is, for example, 8.8.8.8: this traffic does not match the first two routes, so it hits the third route.
Route 4 forwards traffic via WAN2 when the source is LAN2 and the destination is, for example, 8.8.8.8: this traffic does not match the first three routes, so it hits the fourth route.
Step 1: Create a policy route for incoming interface port7, from LAN1 going to LAN2 via outgoing interface port3.
Step 2: Create another policy route for incoming interface port3, from LAN2 going to LAN1 via outgoing interface port7.
Step 3: Create a policy route for routing LAN1 traffic towards WAN1, as shown below.
Step 4: Create a policy route for routing LAN2 traffic towards WAN2, as shown below.
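The following Python model is an added example, not Fortinet code or FortiOS output. It evaluates the four policy routes from Steps 1 to 4 top-down with first-match semantics, as the explanation above describes, and flags any route that an earlier, broader route makes unreachable. The host addresses and the misordered table are constructed for illustration.

```python
"""Added example: first-match evaluation of the article's four policy routes."""
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
LAN1 = ip_network("10.32.5.0/24")  # behind port7
LAN2 = ip_network("10.33.5.0/24")  # behind port3

# (route id, incoming interface, source, destination, outgoing interface)
ROUTES = [
    (1, "port7", LAN1, LAN2, "port3"),  # Step 1: LAN1 -> LAN2
    (2, "port3", LAN2, LAN1, "port7"),  # Step 2: LAN2 -> LAN1
    (3, "port7", LAN1, ANY, "port1"),   # Step 3: LAN1 -> WAN1
    (4, "port3", LAN2, ANY, "port2"),   # Step 4: LAN2 -> WAN2
]

# Constructed misordering: the WAN routes sit above the LAN-to-LAN routes.
MISORDERED = [ROUTES[2], ROUTES[3], ROUTES[0], ROUTES[1]]


def lookup(routes, in_if, src, dst):
    """Return (route id, outgoing interface) of the first match, else None."""
    src, dst = ip_address(src), ip_address(dst)
    for rid, r_in, r_src, r_dst, r_out in routes:
        if r_in == in_if and src in r_src and dst in r_dst:
            return rid, r_out
    return None  # no policy route matched; the regular routing table decides


def shadowed(routes):
    """Return (shadowed id, shadowing id) pairs for routes that can never match
    because an earlier route on the same incoming interface covers them."""
    pairs = []
    for i, (rid, r_in, r_src, r_dst, _) in enumerate(routes):
        for eid, e_in, e_src, e_dst, _ in routes[:i]:
            if e_in == r_in and r_src.subnet_of(e_src) and r_dst.subnet_of(e_dst):
                pairs.append((rid, eid))
                break
    return pairs


if __name__ == "__main__":
    for name, table in (("article order", ROUTES), ("misordered", MISORDERED)):
        # Constructed LAN1 host talking to a constructed LAN2 host.
        hit = lookup(table, "port7", "10.32.5.10", "10.33.5.20")
        print(f"{name}: LAN1->LAN2 hits {hit}, shadowed routes: {shadowed(table)}")
```

With the misordered table, inter-LAN traffic leaves through a WAN port instead of staying internal, which is why the two specific routes are created first.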
Create the firewall policies. Two firewall policies are required, as shown in the image below.
Explanation:
As per the above image, the first policy is for traffic to the specific destinations between LAN1 and LAN2. The second policy is for traffic from a specific source to any destination via a specific WAN interface.
The images below show the details.
Step 1: The policy below is for communication between LAN1 and LAN2 and vice versa.
Step 2: The policy below is for routing LAN1 traffic via WAN1 and LAN2 traffic via WAN2.
Technical Tip: Using Policy routes to make two or more LAN subnets use different WAN links |