Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
IronMan
New Contributor III

Connecting WAN & 4G to fortinet. (Dual Internet)

I have 2 internet connections configured in my Fortigate. One is WAN and the other is LAN via a 4G router. I have configured them as port 10 and port 9, and they both function fine.

 

Now, I would like traffic to a specific website to use the 4G router (port 9) instead of the primary port 10. I've read that in order to do this, I need to have 2 static routes and then create a policy route. I've done that, but traffic is still going through port 10. I think it has something to do with my static route for port 9. I can't figure out the gateway address. It doesn't show in the 4G router either. For port 10, I selected "Automatic gateway retrieval" and because it is a PPPoE, the Gateway can be automatically found. But for port 9 since it's a 4G router and connected via a LAN cable, the gateway is still 0.0.0.0. I think that this is the cause.

 

Any idea how else I can get the traffic to use port 9? I'm not looking for load balancing or failover. Just want a specific website to use the 4G.

 

The image below is the static route for port 9. I even tried using the interface IP as gateway and it doesn't work.

IronMan_0-1673526714372.png

 

This is my policy route. 10.10.1.110 is my test computer and speedtest.net is my traffic test site.

 

IronMan_1-1673526991578.png

 

 

1 Solution
Julien87

Hi Ironman,

 

You can found information for routing table and priority, distance in this link (first link).

 

If you want use port 9 and 10, you could use same distance and différent priority. After you can used the policy base rule for send the trafic at the good Interface (second link).

 

Best regards,

 

https://community.fortinet.com/t5/FortiGate/Technical-Note-Routing-behavior-depending-on-distance-an... 

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configuring-the-firewall-Policy-Routes/ta-... 

Julien

View solution in original post

Julien
6 REPLIES 6
Julien87
Contributor II

Hi Ironman,

 

Can you send the result of these commands :

show router static

get router info routing-table all

get router info routing-table database

 

have you a policy for port 2 to port 9 ?

if you disconnect port 10, do you still have internet with the port 9 ?

 

You can also add a route directly to the correct fqdn by the desired interface

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Static-routes-with-address-objects-or-grou... 

Best regards

 

Julien
Julien
IronMan
New Contributor III

Here's the problem. I found out my port 9 isn't working. The configuration is in the image below, can you see anything wrong?  For now, I've disabled the static and policy routes, until this part is sorted out. I have a firewall policy for port 2 to port 9.

 

Additional info: My internal network IP is 10.10.1.x. The 4G router IP is 192.168.8.1. (192.168. is built into the firmware and cannot be changed, only .8.1 can be changed)

 

IronMan_0-1673571934014.png

 

 

Julien87

Hi,

 

ok i read too fast, yesterday i thought the pppoe port was 9.
you can put the ip of your 4g router as a gateway on your interface 9 route.
on the fortinet port 9 interface, I will remove the dhcp because I think it is managed by the router

what is the make and model of the router?

Best regards 

 

Julien
Julien
IronMan
New Contributor III

The router is Huawei B525S-23A.

I got it to work. I switched the Addressing mode for port 9 from Manual to DHCP. This way it automatically gets an IP and Default gateway. In Manual, there is no place for us to specify the gateway.

 

IronMan_1-1673788874271.png

 

 

 

IronMan
New Contributor III

One more thing, how do we set precedence for Firewall Policies? I have 2 firewall policies, one for port 2 to port 9 and the other for port 2 to port 10. Everything is exacly the same the outgoing port. It always seems to favour port 9. I have to disable port 9 to get it to use port 10. I tried switching the policy position by moving it above the other but it doesn't seem to have any effect. (I have disabled Static/ Policy routes to test this firewall policy precedence.)

Julien87

Hi Ironman,

 

You can found information for routing table and priority, distance in this link (first link).

 

If you want use port 9 and 10, you could use same distance and différent priority. After you can used the policy base rule for send the trafic at the good Interface (second link).

 

Best regards,

 

https://community.fortinet.com/t5/FortiGate/Technical-Note-Routing-behavior-depending-on-distance-an... 

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configuring-the-firewall-Policy-Routes/ta-... 

Julien
Julien
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors