SeakleangHeng
New Contributor

Policy routing with back up ISP

I have 2 ISP links, and want:

- subnet 192.168.1.0/24 primary link ISP1 and backup link ISP2

- subnet 192.168.2.0/24 primary link ISP2 and backup link ISP1

I don't have any idea how to configure this scenario. If anyone knows, please kindly advise me.

Thanks in advance.

2 REPLIES
adash_FTNT
Staff

Step 1:-

Make sure the static routes for ISP 1 and ISP 2 have the same distance and priority (if you want to make sure both routes are active at the same time).

Step 2:-

Go to router>settings and add a link health monitor for both ISP1 and ISP2.

For example, for ISP1:

- Name: ISP1_probe
- Interface: WAN1
- Gateway: the ISP1 gateway IP
- Probe Type: Ping
- Server: 8.8.8.8

Similarly add for the ISP2 as well.

Step 3:-

Make sure you have allow policies from the 192.168.1.0 interface to both WAN1 and WAN2 to allow the traffic, and also from the 192.168.2.0 interface to both WAN1 and WAN2.

Step 4:-

To tell the FortiGate which subnet will use which ISP, you need to add policy routes as mentioned in the example below.

Go to router>policy route and add the 2 routes as mentioned below.

For 192.168.1.0 to go via ISP2:

- Protocol: any
- Incoming interface: internal 1 or the required interface which is assigned with 192.168.1.0
- Source address / mask: 192.168.1.0/24
- Destination address / mask: 0.0.0.0/0.0.0.0
- Outgoing interface: wan2
- Gateway Address: the ISP 2 default gateway address

For 192.168.2.0 to go via ISP1:

- Protocol: any
- Incoming interface: internal 2 or the required interface which is assigned with 192.168.2.0
- Source address / mask: 192.168.2.0/24
- Destination address / mask: 0.0.0.0/0.0.0.0
- Outgoing interface: wan1
- Gateway Address: the ISP 1 default gateway address

The policy route will take precedence over the static route, and if the interface goes down, it will take the other active route.

dnayak_FTNT
Staff

Hi,

 

You can simply create a policy route for each source subnet and then select the corresponding outgoing interface / gateway according to their primary ISP.

 

To create a policy route in the GUI, go to router > static > policy routes.

 

In this case, if the primary route goes down, the traffic will take the secondary route.

 

Regards,

Deepak
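
The setup both replies describe, written out as FortiOS CLI for the primaries requested in the question (192.168.1.0/24 via ISP1, 192.168.2.0/24 via ISP2). This is an added example, not part of either reply: the interface names and the documentation-range gateway addresses are assumptions, the commands assume a release that has `config system link-monitor`, and the allow policies from Step 3 are omitted.

```fortios
# Step 1: two default routes with equal distance and priority
config router static
    edit 1
        set device "wan1"
        set gateway 198.51.100.1
        set distance 10
        set priority 0
    next
    edit 2
        set device "wan2"
        set gateway 203.0.113.1
        set distance 10
        set priority 0
    next
end
# Step 2: one health probe per ISP (gateway addresses are placeholders)
config system link-monitor
    edit "ISP1_probe"
        set srcintf "wan1"
        set server "8.8.8.8"
        set gateway-ip 198.51.100.1
        set protocol ping
    next
    edit "ISP2_probe"
        set srcintf "wan2"
        set server "8.8.8.8"
        set gateway-ip 203.0.113.1
        set protocol ping
    next
end
# Step 4: pin each source subnet to its primary ISP (interface names assumed)
config router policy
    edit 1
        set input-device "internal1"
        set src "192.168.1.0/255.255.255.0"
        set dst "0.0.0.0/0.0.0.0"
        set output-device "wan1"
        set gateway 198.51.100.1
    next
    edit 2
        set input-device "internal2"
        set src "192.168.2.0/255.255.255.0"
        set dst "0.0.0.0/0.0.0.0"
        set output-device "wan2"
        set gateway 203.0.113.1
    next
end
```

After a failover test, check that each subnet's sessions leave through the expected WAN interface and that the allow policy toward the backup interface applies the same inspection and logging as the primary one.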