Dotix
New Contributor

Policy routing and Rule Based Routing

Hello,

I have a FortiWifi 60D and 2 ISP lines - 1A and 2B.

All my users' traffic flows through line 1A.

When I define a rule to flow their traffic from LAN1 to 2B, it doesn't work at all.

Whenever I define a Policy Route it works, but I lose some functionality.

I have line 1A defined in the static route table as 0.0.0.0/32 to 0.0.0.

and line 2B - x.x.x.x/32 to ISP IP HOP

Could the line 1A definition be a problem?

Moreover, I tried defining a VIP for line 2B - x.x.x.x mapped to my LAN1,

yet I received an error "duplicate entry", although I found nothing that resembles the entry I was trying to configure.

I'm kind of lost here,

thanks.

ede_pfau
Esteemed Contributor III

policy routing = rule based routing = policy based routing (PBR)

 

Hi,

I cannot really see what you're asking. Traffic to the internet follows the default route, which is "0.0.0.0/0", not "/32". This is no actual subnet but a wildcard matching all routes. If your default route points to wan1 then all users will use wan1.

You use a PBR to divert traffic away from the default route. You can match the source address, the service or the destination address in a PBR.

If you want to use both WAN ports equally you would define an identical second default route for wan2.

So, please clarify what your goal and your question is. If you want instructions, please state your firmware version.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Dotix
New Contributor

 

Thanks for the answer, I'll clarify what I'm trying to achieve.

I'm trying to achieve Load Balancing for a specific network.

I have 2 ISPs, as I have stated 1A (WAN1) and 2B (WAN2).

Currently both lines are defined as static routes with the value 0.0.0.0/0.

Both lines are set to equal weight.

However, no traffic flows through 2B, even though I have rules defined for specific networks to use WAN2 and placed first in the sequence. I also tested it by disconnecting line 1A - no traffic.

Furthermore, when I defined PBR for that 1 specific network, I lost part of my services - like some users can get mails via Office365 and some don't (everything in Office365 - DNS/MX/etc. - is defined correctly, else it wouldn't work at all without LB).

I hope this is sufficient, I can provide more details if needed.

 

 

 

Dotix
New Contributor

I've been redefining it from scratch this whole morning.

So far:

If I configure all my services and appropriate records to point to wan2 solely - works like a charm.

If I do the same for wan1 - works great.

When I try to define them both in conjunction, using the same configurations and doubling up records - only wan1 works, even if I define higher weight and priority.

 

 

vjoshi_FTNT

Hi Dotix,

Make sure there are 2 default routes (via wan1 and wan2 both).

You can verify with the command 'get router info routing-table details'.

If you want both the routes to be active, you should have the distance of both the default routes be the same.

Coming to the priority: the lower the priority, the higher the privilege.

Say:

Wan1 default route : Distance : 10 ; priority 0 (default)

Wan2 default route : Distance : 10 ; priority 10

In the above case, only the WAN1 route is used. However, the Wan2 route is still there in the routing table, which can be used with policy based routes, VIP.

 

Hope that helps.
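
The distance and priority rules from this reply, written out as a simplified model. This is an added example, not code from the thread or from Fortinet: the `StaticRoute` class and the function names are hypothetical, and the two cases beyond the reply's own (fully equal routes, and a higher distance on wan2) are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class StaticRoute:          # hypothetical model type, not a FortiOS object
    device: str             # egress interface, e.g. "wan1"
    distance: int           # administrative distance
    priority: int           # lower value is preferred

def routing_table(routes):
    """Default routes that are installed: only those with the lowest distance."""
    if not routes:
        return []
    best = min(r.distance for r in routes)
    return [r for r in routes if r.distance == best]

def default_egress(routes):
    """Interfaces used when no policy route matches: lowest priority value wins,
    and routes tied on both distance and priority share the traffic."""
    table = routing_table(routes)
    if not table:
        return []
    best = min(r.priority for r in table)
    return sorted(r.device for r in table if r.priority == best)

def policy_route_possible(routes, device):
    """A policy route or VIP via `device` needs a route for it in the table."""
    return any(r.device == device for r in routing_table(routes))

# The case from the reply: same distance, different priority.
REPLY_CASE = [StaticRoute("wan1", 10, 0), StaticRoute("wan2", 10, 10)]
# Constructed cases: fully equal routes, and a higher distance on wan2.
EQUAL_CASE = [StaticRoute("wan1", 10, 0), StaticRoute("wan2", 10, 0)]
BACKUP_CASE = [StaticRoute("wan1", 10, 0), StaticRoute("wan2", 20, 0)]

def summarize(routes):
    return {
        "in_table": sorted(r.device for r in routing_table(routes)),
        "default_egress": default_egress(routes),
        "wan2_policy_route": policy_route_possible(routes, "wan2"),
    }

if __name__ == "__main__":
    for name, case in [("reply", REPLY_CASE), ("equal", EQUAL_CASE),
                       ("backup", BACKUP_CASE)]:
        print(name, summarize(case))
```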

 

 

 

Dotix

Hi,

Thanks for the replies.

 

I've tried that - it doesn't work.

No matter what I've tried - the balancing doesn't work.

vjoshi_FTNT

Hello Dotix,

 

Could you please attach the config file?

 

 

claumakurumure
New Contributor III

Hi There,

 

If you disconnect one link and there is no traffic, then it means there is definitely a misconfiguration. First make sure each link works perfectly on its own.

 

Thanks and Regards

 

C

hezvo uko