Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
RedRhombus
New Contributor

Failover Internet to Teltonika RUT240 4G

I'm looking for advice on configuring failover internet to a Teltonika RUT240 (WAN2) in passthrough mode.   As soon as I plugged in the WAN2 interface the connection would drop until I added a firewall policy to allow traffic over WAN2 on investigation I found that a static route was being created with the same admin distance as WAN 1   I tried configuring it using the guide here which almost worked except that some traffic was still being routed out of the WAN2 interface (Teltonkia) when both connections were up despite a higher priority on the default route.   I determined this as my WAN IP as detected from a connected device was the IP of the 4G connection and tracert went out over the 4G network.   In addition to failover internet the Teltonkia connection will be used for emergency VPN access which I have tested and is working.   The above was tested on a 60D running 6.0.4 but will be used in production on various models running 6.4.6 and 6.0.12. The other problem is having to configure duplicate policies for WAN1 and WAN2. Should I be looking at using SD-WAN instead?
1 REPLY 1
Mohit_S
Moderator
Moderator

Hello RedRhombus,

 

Can you confirm prior to plugging WAN2 interface there is no static route for WAN2?

 

If no which means WAN2 addressing mode is dynamic and the route is created when you plug in WAN2. Therefore if there is an existing route with the same Administrative Distance of the existing WAN, then the traffic would be load balanced between the WAN interfaces. You can set the priority on the interface if a dynamic route is added.

Example:

 

#config system interface
    edit "WAN2"
        set priority <#>
    next
end

 

Also, you can configure SDWAN as an alternative.

 

If the issue is regarding creating duplicate policies for WAN1 and WAN2 then you can enable the feature "Multiple Interface Policy". After enabling this feature your would be able to add both interfaces like WAN1 and WAN2 to one policy. Link mentioned below

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-allow-the-configuration-of-policies... 

 

 

 

Mohit - Fortinet Community Team