Hi All.



We have dual WAN links, WAN1 and WAN2. All our webservers are using WAN1 addresses, which are then translated through VIP. However, if WAN1 goes down, how can WAN2 act as the new link for the webservers/email etc.? I can get our ISPs to redirect the traffic no problem, and I can send the outbound traffic. However, when the inbound traffic comes in through WAN2, how can it still get to the webservers whose addresses exist on WAN1? Could I effectively have a policy to allow all traffic from WAN2 to WAN1?


I hope this makes sense.

Also, we are looking at implementing SDWAN; would this help?


Many thanks



Hi @ChrisM589,


You can add the wan2 IP address as a second IP in the DNS record of the web server. The DNS server will return both IPs, and if wan1 cannot connect, the browser will try the second in the list. For your email server you can do the same with the MX record, with wan2 having higher preference. The MUA will connect to wan2 if the TCP handshake fails with wan1. So you will need a VIP on wan2 as well. This is the easier way. You can also run BGP with 2 ISPs that will route the same public IPs. Another option is DNS failover, which is available with FortiADC.
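
The client-side fallback described in this answer, as an added example that is not part of the original post: a small offline model of how a browser walks multiple A records and how a mail sender walks MX records when the wan1 handshake fails. The hostnames, documentation-range addresses, preference values and the `link_state` stand-in for a real TCP handshake are all constructed assumptions.

```python
from typing import Callable, Iterable, Optional

# Constructed zone data: each service has a wan1 address and a wan2 address.
# 198.51.100.0/24 stands in for wan1, 203.0.113.0/30 for wan2.
A_RECORDS = {
    "www.example.com": ["198.51.100.10", "203.0.113.2"],
    "mx-wan1.example.com": ["198.51.100.25"],
    "mx-wan2.example.com": ["203.0.113.2"],
}
# (preference, exchanger). Per RFC 5321 the LOWEST number is tried first,
# so the wan2 exchanger is the backup here.
MX_RECORDS = [(20, "mx-wan2.example.com"), (10, "mx-wan1.example.com")]

Connect = Callable[[str, int], bool]


def first_reachable(addresses: Iterable[str], port: int, connect: Connect) -> Optional[str]:
    """Walk the address list in order, moving on after each failed handshake."""
    for addr in addresses:
        if connect(addr, port):
            return addr
    return None


def web_target(name: str, connect: Connect) -> Optional[str]:
    """Address a browser ends up on for an HTTPS site with several A records."""
    return first_reachable(A_RECORDS[name], 443, connect)


def mail_target(connect: Connect) -> Optional[str]:
    """Try MX hosts in ascending preference order, then each host's addresses."""
    for _pref, host in sorted(MX_RECORDS):
        addr = first_reachable(A_RECORDS[host], 25, connect)
        if addr:
            return addr
    return None


def link_state(wan1_up: bool, wan2_up: bool) -> Connect:
    """Stand-in for the TCP handshake: succeeds only if the address's link is up."""
    def connect(addr: str, _port: int) -> bool:
        return wan1_up if addr.startswith("198.51.100.") else wan2_up
    return connect


if __name__ == "__main__":
    for wan1_up in (True, False):
        c = link_state(wan1_up, True)
        print(f"wan1_up={wan1_up}: web={web_target('www.example.com', c)} mail={mail_target(c)}")
```

Every wan2 address that appears in these records still needs its own VIP and inbound policy on the wan2 interface, as the answer notes.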




Hi Adbel,


Thanks for the info.


However, it is a bit more complicated than that. I kept it simple for the initial post.


We have around 150 public IPs we need to use. WAN1 is a /24 address; unfortunately WAN2 is a /30, so that presents a problem. (I inherited this network, don't blame me.)

So although your answer is good, I still have problems.


Any other ideas more than welcome.


