Hello!
I have two ISP links configured on two separate SD-WAN rules.
When my primary ISP link is active, DNS and FortiGuard work only with the "source-ip" configured:
Everything OK!
My problem is when the secondary ISP is active. DNS and FortiGuard stop working (DNS unreachable)! In this case, I needed to "unset" the "source-ip" to get it working again.
My question:
Is there any configuration so that DNS and FortiGuard continue to work on both links, without having to change these "source-ip" settings manually?
Hi Fabia
I guess you have one public IP on the first WAN interface (PPPoE), and one public IP + one private IP on the second WAN interface.
In that case I recommend one of the two solutions:
In both cases you will unset the source-ip once and for all.
Hello!
My first link (WAN1) is used to access the internet and for L2L to access my servers in an external datacenter.
My second link (WAN2) is used as a backup link and to supply internet to guest VLANs.
I'll try to configure a local DNS Server, thanks!
How do you have the interface select method configured? In the CLI:
config system dns
    set interface-select-method sd-wan
end
By default this would be set to auto.
Hello!
I've already tested this configuration, "set interface-select-method sd-wan". It does not work in my case!
Have you tried investigating why you have to configure "source-ip" in the first place? It's better to find out what the problem is first before looking for the solution. You may have misconfigured routing or SD-WAN rules.
Try removing the "source-ip" configuration while the primary ISP is active, and run sniffer and debug flow commands on the FGT to trace the local-out DNS traffic, and share the output here.
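An added example, not part of the thread: one way to read the sniffer output requested above is to count DNS queries and replies per egress interface and source address. It assumes the capture was taken with `diagnose sniffer packet any 'port 53' 4`; the sample lines, interface names and addresses are constructed to show one possible failure pattern, not taken from the poster's unit.

```python
import re
from collections import defaultdict

# Constructed sample in the verbosity-4 sniffer line format:
# timestamp, interface, direction, src.port -> dst.port: proto length
SAMPLE = """\
interfaces=[any]
filters=[port 53]
1.102334 wan1 out 203.0.113.10.4512 -> 198.51.100.53.53: udp 45
1.130871 wan1 in 198.51.100.53.53 -> 203.0.113.10.4512: udp 61
7.412090 wan2 out 203.0.113.10.4513 -> 198.51.100.53.53: udp 45
9.412551 wan2 out 203.0.113.10.4514 -> 198.51.100.53.53: udp 45
"""

LINE = re.compile(
    r"^\s*[\d.]+\s+(?P<iface>\S+)\s+(?P<dir>in|out)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s+udp\b"
)

def summarize(capture):
    """Count queries sent and replies received per (interface, local IP, DNS server)."""
    flows = defaultdict(lambda: {"queries": 0, "replies": 0})
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # banner lines (interfaces=..., filters=...) and non-UDP packets
        if m["dir"] == "out" and m["dport"] == "53":
            flows[(m["iface"], m["src"], m["dst"])]["queries"] += 1
        elif m["dir"] == "in" and m["sport"] == "53":
            # A reply is keyed on the same (interface, local IP, server) as its query.
            flows[(m["iface"], m["dst"], m["src"])]["replies"] += 1
    return dict(flows)

def unanswered(capture):
    """Flows where queries left the unit but nothing came back on that interface."""
    return sorted(key for key, stats in summarize(capture).items()
                  if stats["queries"] and not stats["replies"])

if __name__ == "__main__":
    for key, stats in summarize(SAMPLE).items():
        print(key, stats)
    # In the constructed sample, wan2 sends queries from wan1's address and gets no reply.
    print("unanswered:", unanswered(SAMPLE))
```

The sniffer does not distinguish local-out from forwarded client DNS, so compare the source address of each unanswered flow with the addresses actually assigned to that interface.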