Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
PilotK
New Contributor

Dual ISPs and one webserver

I need help with this scenario:

- two ISPs with IP addresses WIP1 for ISP1, WIP2 for ISP2

- one web server with private IP address PIP1

Request to web server is going from ISP1 and ISP2 to WIP1 and WIP2; it is done by DNS round robin.

Problem si that traffic from ISP1 goes to web server and back to ISP1; trafic from ISP2 goes to web server and go back to ISP1 (not to ISP2).

Generally I need all traffic from ISP1 to go back to ISP1 and all traffic from ISP2 to go back to ISP2. How can I do it?

 

(I'm new to Fortigate; on Mikrotik it worked using the connection mark function.)

Any ideas welcome

Thanks

2 REPLIES 2
Toshi_Esumi
Esteemed Contributor III

That means only one default route to ISP1 is in the routing-table. You need to have two static default routes to ISP1 and ISP2 GWs. With either the same admin distance (load-balance for outgoing traffic) or ISP2's has a higher number of priority like 10 (default is 0) so that outgoing traffic always goes to ISP1.

 

Toshi

hbac
Staff
Staff

Hi @PilotK,

 

Are you using Virtual server to load balance the incoming traffic? Can you check the firewall policy which allows traffic from the server to the Internet and see what is the NAT option.

 

Are you using SDWAN? If yes, you can follow this article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-associate-a-NAT-pool-IP-pool-to-a-p...

 

Regards, 

Top Kudoed Authors