there is several Roouters connected to my FortiGate for Internetaccess. Each is connected to one Port and that port and the router share a subnet. All Interfaces that are connected to routers for internet are members of sd-wan for load balancing.
The Policy for internet then is:
-incoming interface/address = where the traffic comes from
- outgoing interface = sdwan
- outgoing address = ANY
NAT enabled using the destination interface ip.
Since sdwan cares for the routing the packets will get NATed with the ip of the interface they have to go out to the internet. Works fine so far.
Instead of sdwan you could of course use a single wan too...
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams