Thank you ede_pfau.

With both default gateways having the same priority, I put in a policy route for LAN2 to WAN2, but still only half of the IPs of LAN1 and LAN2 can access the Internet. I deliberately changed the gateway address of the outgoing interface (WAN2) to an invalid address, and immediately no IP on LAN2 could access the Internet. Thus it seems the policy route is working, but the result is not what I expected.

After changing the priority of the default gateway of WAN2 from 0 to 10, all IPs in LAN1 can access the Internet through WAN1. However, all IPs on LAN2 cannot access the Internet.

The scenario is as follows:

0.0.0.0 0.0.0.0 WAN1_gateway priority 0
0.0.0.0 0.0.0.0 WAN1_gateway priority 10

Firewall policy:
LAN1 --> WAN1 allow any with NAT
LAN2 --> WAN2 allow any with NAT

Policy route:
Protocol -- 6
Incoming Interface -- LAN2
Source address -- 192.168.1.0/255.255.255.0
Destination address -- 0.0.0.0/0.0.0.0
Destination Ports -- 1~65535
Type of service -- 00 00
Force traffic to -- WAN2
Gateway address -- WAN2_gateway

Since the priority of WAN1 is higher than WAN2, I guess there's no need for a policy route for LAN1 to WAN1. Why can't LAN2 access WAN2 even though there is a policy route? Is there something wrong with the settings of the policy route? Have I missed something?

1. "0.0.0.0 0.0.0.0 WAN1_gateway priority 10" is a typo, right? Should read "WAN2_gateway".
2. Delete the default route to WAN2.
3. Policy route: protocol=0 (6 is TCP only).

With no default route pointing to WAN2, the only traffic arriving there must be via the policy route.
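
Added example, not part of the original thread and not FortiOS code: a simplified Python model of why a policy route with protocol 6 leaves LAN2 without working Internet access while protocol 0 does not. Interface names and priorities mirror the thread; the lookup order (policy route, then default route, then firewall policy) and "lowest priority value is preferred" are modelling assumptions.

```python
# Simplified model (an assumption, not FortiOS code) of the lookup order
# discussed in the thread: policy routes first, then the default routes,
# then a firewall policy check on the (ingress, egress) interface pair.
from dataclasses import dataclass

TCP, UDP, ICMP = 6, 17, 1  # IP protocol numbers


@dataclass
class PolicyRoute:
    in_if: str
    protocol: int  # 0 = any protocol, 6 = TCP only
    out_if: str

    def matches(self, in_if, proto):
        return in_if == self.in_if and self.protocol in (0, proto)


def egress(in_if, proto, policy_routes, default_routes):
    """Pick the egress interface for a packet headed to the Internet."""
    for pr in policy_routes:
        if pr.matches(in_if, proto):
            return pr.out_if
    # No policy route matched: fall back to the default route with the
    # lowest priority value (modelled here as the preferred one).
    return min(default_routes, key=lambda r: r[1])[0]


def forwarded(in_if, proto, policy_routes, default_routes, fw_policies):
    """Return (allowed, egress_interface) for one packet."""
    out_if = egress(in_if, proto, policy_routes, default_routes)
    return (in_if, out_if) in fw_policies, out_if


# Constructed values mirroring the thread's setup.
DEFAULTS = [("WAN1", 0), ("WAN2", 10)]
FW = {("LAN1", "WAN1"), ("LAN2", "WAN2")}


def lan2_results(protocol, defaults=DEFAULTS):
    """Fate of TCP, UDP (DNS) and ICMP from LAN2 for a given policy route."""
    pr = [PolicyRoute("LAN2", protocol, "WAN2")]
    return {name: forwarded("LAN2", p, pr, defaults, FW)
            for name, p in (("tcp", TCP), ("udp_dns", UDP), ("icmp", ICMP))}


if __name__ == "__main__":
    for proto in (6, 0):
        print(f"policy route protocol={proto}:", lan2_results(proto))
```

In this model, with protocol 6 only TCP leaves via WAN2; DNS over UDP and ping fall through to the WAN1 default route, where no LAN2 --> WAN1 firewall policy exists, so LAN2 clients appear to have no Internet access at all.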
Copyright 2024 Fortinet, Inc. All Rights Reserved.