FortiGate
saleha
Staff & Editor
Article Id 284535
Description This article describes the effect of setting the distance on the WAN interface in a multi-WAN interface scenario.
Scope FortiGate with multiple ISP circuits connected, where one WAN interface is set with a distance shorter than that of the static routes.
Solution
  • When the WAN interface is configured to obtain its IP address and gateway from the ISP modem using DHCP, the distance on the interface is sometimes automatically set to 5 by default.
  • In a deployment where multiple ISP circuits are connected to the firewall, the interface with the shortest distance is considered the best route, even if no static or default route has been configured for that interface yet. Traffic then egresses through that interface and is dropped for “reverse path check failure” if the incoming traffic arrives on the other WAN interface.
  • The distance can be unset on the interface using the CLI configuration below:

config system interface
    edit wan1
        unset distance
    next
end

  • Another solution is to lower the distance on the default route, or to match it to the distance set on the WAN interface that does not have a default route configured yet:

config router static
    edit 1
        set distance 5 <----- Matches the other WAN interface; it can also be set lower to install a single route in the routing table for the same destination.
    next
end
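
The following is an added example, not FortiOS code and not part of the original article: a simplified Python model of why the lower-distance route on wan1 causes traffic arriving on wan2 to fail the reverse path check, and how changing the static route distance alters the result. The wan2 interface name, the static distance of 10 and the source address are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

SAMPLE_SRC = "203.0.113.10"  # constructed source address (documentation range)

def installed_routes(candidates):
    """Per destination, install only the candidate(s) with the lowest distance."""
    best = {}
    for r in candidates:
        best[r["dst"]] = min(r["distance"], best.get(r["dst"], r["distance"]))
    return [r for r in candidates if r["distance"] == best[r["dst"]]]

def rpf_pass(table, src_ip, in_iface):
    """Accept a packet only if an installed route back to its source
    leaves through the interface the packet arrived on."""
    src = ip_address(src_ip)
    return any(r["iface"] == in_iface and src in ip_network(r["dst"])
               for r in table)

def scenario(static_distance):
    """wan1: DHCP-learned default route at distance 5 (as in the article).
    wan2: static default route with the given distance (constructed)."""
    candidates = [
        {"dst": "0.0.0.0/0", "iface": "wan1", "distance": 5},
        {"dst": "0.0.0.0/0", "iface": "wan2", "distance": static_distance},
    ]
    table = installed_routes(candidates)
    return {
        "installed": sorted(r["iface"] for r in table),
        "rpf_wan2": rpf_pass(table, SAMPLE_SRC, "wan2"),
    }

if __name__ == "__main__":
    # 10: static route loses to wan1; 5: distances match; 4: static route wins
    for distance in (10, 5, 4):
        print(distance, scenario(distance))
```
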