Supi
New Contributor

Changing WAN interface

Hi, we have an ISP change going on and we have to change the default route to the internet. This means that the interface and the firewall WAN IP are going to change. How does the ssl.root interface react to the change? I have tried to find the answer in the documentation, but have not found it. The scenario is like this:
- wan1 interface has IP 1.1.1.1 and the SSL VPN users connect to that
- wan2 is the new interface and has IP 2.2.2.2
- when I change the default route to 2.2.2.2, does the SSL VPN change at the same time?
4 REPLIES
Fullmoon
Contributor III

Based on your example, your wan1 has the IP address 1.1.1.1 and your SSL VPN users connected via 1.1.1.1. However, you changed your wan1 IP address to 2.2.2.2, which means SSL VPN users must use the 2.2.2.2 IP address in order to perform an SSL VPN connection. You must also change the default route (static route); apply the default route of 2.2.2.2.

Fortigate Newbie

Supi
New Contributor

Hi, no, we have not yet changed the default route, but I needed to know if changing the default route will also change the ssl.root interface from wan1 to wan2 (wan1 1.1.1.1 and wan2 2.2.2.2). The default route is still 1.1.1.1/0.0.0.0 and the VPN users connect to 1.1.1.1. When I change the default route to 2.2.2.2/0.0.0.0, will the users' SSL VPN connection IP change at the same time? Also, do I need to remake rules, or does the unit take care of ssl.root policies?
rwpatterson
Valued Contributor III

You will need to duplicate every policy that includes WAN1. Your best bet would be to make a backup, and copy out all the WAN1 policies, then batch change with a text editor and paste back into your config.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
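
A scripted version of the backup-and-batch-edit approach suggested above, as an added example that is not from the thread or from Fortinet: it reads a saved configuration, finds every `config firewall policy` entry that uses `wan1` as source or destination interface, and emits a copy bound to `wan2`, leaving the originals untouched for rollback. The sample config, policy names and the `-wan2` name suffix are constructed; it assumes policies contain no nested sub-tables, that `edit 0` takes the next free policy ID, and that policy names and UUIDs must be unique.

```python
import re
# Constructed sample of a backup excerpt; IDs, names and UUID are made up.
SAMPLE = '''\
config firewall policy
    edit 12
        set uuid 11111111-2222-3333-4444-555555555555
        set name "LAN-to-Internet"
        set srcintf "internal"
        set dstintf "wan1"
        set action accept
    next
    edit 13
        set name "VPN-to-LAN"
        set srcintf "ssl.root"
        set dstintf "internal"
    next
end
'''

def clone_policies(config, old="wan1", new="wan2"):
    """Return CLI text that adds a copy of every policy using `old`."""
    out, block, in_section = ["config firewall policy"], None, False
    for line in config.splitlines():
        word = line.strip()
        if word == "config firewall policy":
            in_section = True
        elif not in_section:
            continue
        elif block is None and word == "end":
            in_section = False
        elif re.fullmatch(r"edit \d+", word):
            block = []
        elif word == "next" and block is not None:
            intf = [l for l in block if re.match(r"\s*set (src|dst)intf ", l)]
            if any(f'"{old}"' in l for l in intf):
                out.append("    edit 0")  # assumption: 0 = next free ID
                for l in block:
                    if l in intf:  # only touch interface bindings
                        l = l.replace(f'"{old}"', f'"{new}"')
                    elif re.match(r"\s*set name ", l):
                        l = l.rstrip()[:-1] + f'-{new}"'  # keep names unique
                    out.append(l)
                out.append("    next")
            block = None
        elif block is not None and not word.startswith("set uuid "):
            block.append(line)  # uuid dropped so the clone gets its own
    return "\n".join(out + ["end"]) + "\n"

if __name__ == "__main__":
    print(clone_policies(SAMPLE))
```

Review the generated text before pasting it into the CLI. Policies created this way are added at the bottom of the policy list, so check their position relative to any deny rules.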

Supi
New Contributor

Yes, the duplication completed. There were about 50 rules on the wan1 interface. I did it with the GUI. Just cloned the rule and changed the interface. Also, I tested the SSL VPN by routing one internet IP to wan2. It worked perfectly, so I don't see any reason why it wouldn't work when I route all of the traffic through the wan2 interface.