Hi All.
Question.
We have dual WAN links WAN1 and WAN2. All our webservers are using WAN1 addresses which are then translated through VIP. However if WAN1 goes down how can WAN2 act as the new link for the webservers/email etc. I can get our ISPs to redirect the traffic no problem and I can send the outbound traffic. However when the inbound traffic comes in through WAN2 how can it still get to the webservers whose addresses exist on WAN1. Could I effectively have a policy to allow all traffic from WAN2 to WAN1 ?
I hope this makes sense.
Also we are looking at implementing SDWAN, would this help?
many thanks
Chris.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi @ChrisM589 ,
You can add wan2 IP address as a second IP in the DNS record of web server. DNS server will return both IPs and if wan1 cannot connect the browser will try the second in the list. For your email server you can do the same with the mx record with wan2 having higher preference. MUA will connect to wan2 if tcp handshake fail with wan1.So you will need a VIP on wan2 as well.. This is easier way. You can also run BGP with 2ISPs that will route the same public IPs another thing is DNS failover that is available with FortiADC.
Abdel
HI Adbel,
Thanks for the info.
However it is a bit more complicated than that. I kept it simple for the initail post.
We have around 150 public IPs we need to use. WAN1 is a /24 address, unfortunately WAN2 is a /30 so that presents a problem. (I inherited this network, dont blame me).
So although your answer is good I still have problems.
Any other ideas more than welcome.
Chris.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1660 | |
1077 | |
752 | |
443 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.