I have 2 internet connections configured in my FortiGate. One is WAN and the other is LAN via a 4G router. I have configured them as port 10 and port 9, and they both function fine.
Now, I would like traffic to a specific website to use the 4G router (port 9) instead of the primary port 10. I've read that in order to do this, I need to have 2 static routes and then create a policy route. I've done that, but traffic is still going through port 10. I think it has something to do with my static route for port 9. I can't figure out the gateway address. It doesn't show in the 4G router either. For port 10, I selected "Automatic gateway retrieval" and because it is a PPPoE, the Gateway can be automatically found. But for port 9 since it's a 4G router and connected via a LAN cable, the gateway is still 0.0.0.0. I think that this is the cause.
Any idea how else I can get the traffic to use port 9? I'm not looking for load balancing or failover. Just want a specific website to use the 4G.
The image below is the static route for port 9. I even tried using the interface IP as gateway and it doesn't work.
This is my policy route. 10.10.1.110 is my test computer and speedtest.net is my traffic test site.
Hi Ironman,
Can you send the result of these commands:
show router static
get router info routing-table all
get router info routing-table database
Do you have a policy for port 2 to port 9?
If you disconnect port 10, do you still have internet with port 9?
You can also add a route directly to the correct FQDN via the desired interface.
Best regards
Here's the problem. I found out my port 9 isn't working. The configuration is in the image below, can you see anything wrong? For now, I've disabled the static and policy routes, until this part is sorted out. I have a firewall policy for port 2 to port 9.
Additional info: My internal network IP is 10.10.1.x. The 4G router IP is 192.168.8.1. (192.168. is built into the firmware and cannot be changed, only .8.1 can be changed)
Hi,
OK, I read too fast; yesterday I thought the PPPoE port was 9.
You can put the IP of your 4G router as a gateway on your interface 9 route.
On the Fortinet port 9 interface, I will remove the DHCP because I think it is managed by the router.
What is the make and model of the router?
Best regards
Created on 01-15-2023 01:10 AM Edited on 01-15-2023 05:24 AM
The router is Huawei B525S-23A.
I got it to work. I switched the Addressing mode for port 9 from Manual to DHCP. This way it automatically gets an IP and Default gateway. In Manual, there is no place for us to specify the gateway.
One more thing, how do we set precedence for Firewall Policies? I have 2 firewall policies, one for port 2 to port 9 and the other for port 2 to port 10. Everything is exactly the same except the outgoing port. It always seems to favour port 9. I have to disable port 9 to get it to use port 10. I tried switching the policy position by moving it above the other but it doesn't seem to have any effect. (I have disabled Static/Policy routes to test this firewall policy precedence.)
Hi Ironman,
You can find information on the routing table, priority and distance in this link (first link).
If you want to use port 9 and 10, you could use the same distance and a different priority. After that, you can use the policy-based rule to send the traffic to the right interface (second link).
Best regards,
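
The approach suggested in this thread (equal distance, different priority, then a policy route), written out as an added FortiOS CLI example that is not from the original posts. The interface names `port2`, `port9` and `port10`, the priority values and the destination subnet are assumptions; the source host and the 4G router address are the ones given in the thread.

```fortios
# Added example, not configuration posted in the thread.
# Assumed interface names: port2 (internal), port9 (4G router), port10 (PPPoE WAN).

config system interface
    edit "port10"
        # Already in PPPoE mode; the gateway is learned automatically.
        set defaultgw enable
        set distance 10
        # Lower priority value wins when distances are equal: normal traffic uses port10.
        set priority 1
    next
    edit "port9"
        # DHCP mode lets the 4G router (192.168.8.1) hand out the address and gateway.
        set mode dhcp
        set defaultgw enable
        # Same distance as port10 so this default route is also installed.
        set distance 10
        set priority 10
    next
end

config router policy
    edit 1
        set input-device "port2"
        # Test computer from the thread.
        set src "10.10.1.110/255.255.255.255"
        # Constructed placeholder (documentation range); use the site's real addresses.
        set dst "203.0.113.0/255.255.255.0"
        set gateway 192.168.8.1
        set output-device "port9"
    next
end

# Both default routes should be listed before the policy route is tested.
get router info routing-table all
get router info routing-table database
```

The egress interface is chosen by the route lookup (policy routes first, then the routing table), so reordering the port 2 to port 9 and port 2 to port 10 firewall policies does not change which link is used; each policy only permits traffic once routing has picked that interface.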