Hey everybody, I'm running into more and more sites where I need policy routes but still need to maintain the ability to fail over across multiple WANs.
The bulk of my sites are 60Ds, 200Bs, 300Cs (a few hundred sites). Half are independent, half have site-to-site VPNs with other sites (1-4 points), and a few may have 20-30 VPNs. The primary firmware we run is 5.2, as that is the highest common firmware between all of them and the technicians are all familiar with it. (There is a severe hatred among some of us for 5.4, but not 5.6.)
We normally run our dual WANs with the fast WAN at priority 10 for static routes and the slow WAN at priority 20, build our inbound rules for both, and failover is done via link health monitor, so it just removes the routing when that interface has issues. That works great until we have heavy VoIP servers for which best effort just isn't enough. Most connections are coax with 1 or 5 statics. 10% of clients actually have fiber, and another small % has FiOS.
This puts all traffic out W1, and when W1 fails everything starts going out W2. What we have done in the past is use policy routing to route a specific IP out W2. The problem is I don't see any way (and my searches came up empty) to have redundant, different-priority policy routes, because the current setup doesn't allow for W2 going down. If W2 goes down, that server loses access to the internet, but everything else that isn't on that policy route still works using the normal W1 priority static routes.
Another reason why I need to do this is to put these VoIP servers on different external IPs so I can operate fixed-port NAT, which is required for proper call setup.
So is this something I can do with 5.2? I am not experienced enough with 5.6. My lab is all decommissioned stuff we have pulled out and is only capable of 5.2 or 5.4. We would want to stay away from 5.4 at almost all costs, but would be open to 5.6 if some of these hurdles could be overcome. (A lot of these sites don't want to upgrade, but we could force their hand to an extent.)