Bart
New Contributor

FortiGate 80C - two ISP no routing

Hello,

 

For a few days I have been trying to set up the router to use two ISPs. I have virtual IP 79.10.10.245->192.168.1.5 on WAN1. I would like to use WAN2 for only one internal IP (192.168.1.15), and the other internal IPs should go out via WAN1. I set up WAN2 (outside IP), added a static route and policy routes. Now the traffic for 192.168.1.15 goes via WAN2, but there is no routing between 192.168.1.15 and virtual IP 79.10.10.245. From 192.168.1.15 I can ping 192.168.1.5 and WAN1 router IP 79.10.10.242, but I can't ping 79.10.10.245.

 

WAN1 79.10.10.242/28

WAN2 80.10.10.242/28

Mail server IP: 79.10.10.245 /internal 192.168.1.5/

 

Static route:

WAN1:

destination:0.0.0.0/0.0.0.0

device: wan1 

gateway: 79.10.10.241

distance:10

priority:0

 

WAN1:

destination:0.0.0.0/0.0.0.0

device: wan2

gateway: 80.10.10.241

distance:10

priority:5

 

Policy routes:

Protocol: all

Incoming interface: internal

Source: 192.168.1.15

Destination: 0.0.0.0/0.0.0.0

Outgoing interface: WAN2

Gateway: 80.10.10.241

 

I would like to ask you to try to help me.

 

Thank you,

Bart.

 

Rafael_Freire
New Contributor II

Hello,

I didn't understand all the points. Can you post the result of "show static router" and "show router policy" here?

 

Regards,

Rafael Freire

 

Bart

Hi,

 

I put it in the post.

 

Bart.

Rafael_Freire
New Contributor II

Bart wrote:

Hi,

 

I put it in the post.

 

Bart.

Can you create a policy route like the one below, putting the new PBR below the wan2 policy?

Protocol: all

Incoming interface: internal

Source: 0.0.0.0/0.0.0.0

Destination: 0.0.0.0/0.0.0.0

Outgoing interface: WAN1

Gateway: 79.10.10.241

 

Bart

Didn't help :(

ashukla_FTNT
Staff

Make sure the VIP's interface is set to any, not wan1.

Then create a policy route like the following:

Incoming interface: internal

Source: 0.0.0.0/0.0.0.0

Destination: 192.168.1.5/32

Outgoing interface: internal

Gateway: (blank)

Make sure this route is above any other policy route, as policy routes are executed in sequence.

Bart
New Contributor

Guys, it works perfectly!

Solution:

- change the virtual IP to any interface

- add a policy route above all the others, like:

Incoming interface: internal

Source: 0.0.0.0/0.0.0.0

Destination: 192.168.1.5/32

Outgoing interface: internal

Gateway: (blank)

Thank you a lot!
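
Added example, not part of the original thread and not Fortinet code: a small Python model of the first-match policy-route evaluation discussed above, showing why 192.168.1.15 could not reach the VIP until the 192.168.1.5/32 rule was placed on top. It assumes the VIP is translated before the route lookup and that the internal network is 192.168.1.0/24; the names `egress`, `compare`, `WAN2_HOST` and `HAIRPIN` are made up for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed from the thread: VIP 79.10.10.245 maps to 192.168.1.5.
VIP = {ip_address("79.10.10.245"): ip_address("192.168.1.5")}
# Assumption: the internal network is a /24 (the thread does not give the mask).
LAN = ip_network("192.168.1.0/24")

# Policy routes as (source, destination, outgoing interface).
WAN2_HOST = ("192.168.1.15/32", "0.0.0.0/0", "wan2")   # Bart's original rule
HAIRPIN = ("0.0.0.0/0", "192.168.1.5/32", "internal")  # rule from the solution


def egress(src, dst, policy_routes):
    """Return the outgoing interface for a packet arriving on 'internal'.

    Assumption: the VIP is translated before the route lookup, so policy
    routes see the mapped address. Rules are checked top-down and the first
    match wins ("policy routes are executed in sequence").
    """
    src, dst = ip_address(src), ip_address(dst)
    dst = VIP.get(dst, dst)
    for rule_src, rule_dst, out_if in policy_routes:
        if src in ip_network(rule_src) and dst in ip_network(rule_dst):
            return out_if
    # No policy route matched: fall back to the routing table.
    if dst in LAN:
        return "internal"  # connected route
    return "wan1"          # both defaults have distance 10; priority 0 beats 5


def compare(src, dst):
    """Egress interface before and after the hairpin rule is placed on top."""
    before = egress(src, dst, [WAN2_HOST])
    after = egress(src, dst, [HAIRPIN, WAN2_HOST])
    return before, after


if __name__ == "__main__":
    flows = [("192.168.1.15", "79.10.10.245"),  # the broken flow from the thread
             ("192.168.1.15", "8.8.8.8"),       # constructed internet destination
             ("192.168.1.20", "8.8.8.8")]       # constructed other LAN host
    for src, dst in flows:
        print(f"{src} -> {dst}: before/after = {compare(src, dst)}")
    # Wrong order: the hairpin rule below the wan2 rule never gets a chance.
    print(egress("192.168.1.15", "79.10.10.245", [WAN2_HOST, HAIRPIN]))
```
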