New Contributor

Dual Routing



Wan1 IP is

Wan2 IP is

Internal1 IP is

Internal2 IP is


I'm trying to make computers on Internal2 access the internet using Wan2 only.


I created 2 static routes as below: Gateway Gateway

both having distance 10 and priority 0


2 policies are created, Internal1 to Wan1 and Internal2 to Wan2


Since then, computers on Internal1 keep facing connectivity and slowness issues, and when I try to change the distance and/or priority of wan2, internal2 computers can't access the internet.


Any idea?!

Valued Contributor III

Policy routing is your friend. It's used in cases like yours when you want to 'bend' traffic away from its primary course. Set up the parameters, and away you go. In your case, select the source subnet (and additionally any ports if needed), and the gateway. That should be it (in addition to a valid static route which you already have).

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at:

New Contributor



Policy Routing didn't work for me. Whenever I create a policy, L1 and L2 are not communicating with each other.


I have been selecting "any" in the port field, as so far I'm not sure which ports are required for L1 users to access W1.



Mahmood Fraidoon wrote:

Policy Routing didn't work for me. Whenever I create a policy, L1 and L2 are not communicating with each other.


So what's preventing you from also setting up policy routes for L1 and L2?


NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C


Tempted to suggest using two VDOMs with an inter-vdom link. Use one VDOM for wan1 and internal 1 and the other for wan2 and internal 2. Add static routes for internal 1 and 2 across the vdom link. Add two default routes per VDOM, one with larger priority number for the backup via the VDOM link.


A bit more complicated to set up and more firewall policies involved, but less complicated in terms of routing and troubleshooting compared to policy routes. If not, you need to add further policy routes to enable internal 1 to internal 2 traffic and place them above the internet policy routes.


Policy routes override everything, including connected routes - this is the issue you're facing at the moment. The choice depends on whether there are other management advantages to either method. Two distinct VDOMs would make separating other differences between the two networks much easier as well. Depending on the model and the amount of traffic passing between internal 1 and internal 2, you might find that performance gets hit as well, as VDOM links in some boxes are done purely in CPU.
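
A simplified model of the lookup order described in this thread, added here as an illustration (not code from any poster or from Fortinet): policy routes are checked top-down before the routing table, so a catch-all rule for Internal2 also captures traffic meant for Internal1 unless a more specific rule sits above it. The subnets, the rule layout and the function names are constructed assumptions, since the thread does not give the real addresses.

```python
import ipaddress

# Constructed addressing: the thread does not give the real subnets.
INTERNAL1 = ipaddress.ip_network("10.0.1.0/24")
INTERNAL2 = ipaddress.ip_network("10.0.2.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Routing table: connected routes plus the two equal default routes.
ROUTING_TABLE = [(INTERNAL1, "internal1"), (INTERNAL2, "internal2"),
                 (ANY, "wan1"), (ANY, "wan2")]

def table_lookup(dst):
    """Longest-prefix match. Ties go to the first entry here; a real
    device would balance equal-cost routes instead (simplification)."""
    matches = [(net, dev) for net, dev in ROUTING_TABLE if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def egress(policy_routes, in_dev, src, dst):
    """Egress interface for a packet: policy routes are checked top-down
    first; only if none matches is the routing table consulted."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in policy_routes:
        if rule["in"] == in_dev and src in rule["src"] and dst in rule["dst"]:
            return rule["out"]
    return table_lookup(dst)

# Catch-all rule only: everything from Internal2 is bent to wan2,
# including traffic for the directly connected Internal1 subnet.
CATCH_ALL = [{"in": "internal2", "src": INTERNAL2, "dst": ANY, "out": "wan2"}]

# More specific Internal2 -> Internal1 rule placed above the catch-all.
WITH_EXCEPTION = [{"in": "internal2", "src": INTERNAL2, "dst": INTERNAL1,
                   "out": "internal1"}] + CATCH_ALL

if __name__ == "__main__":
    flows = [("internal2", "10.0.2.50", "10.0.1.20"),    # inter-subnet
             ("internal2", "10.0.2.50", "198.51.100.7"),  # internet
             ("internal1", "10.0.1.20", "10.0.2.50")]     # no rule matches
    for name, rules in [("catch-all only", CATCH_ALL),
                        ("exception on top", WITH_EXCEPTION),
                        ("exception below", CATCH_ALL + WITH_EXCEPTION[:1])]:
        for flow in flows:
            print(f"{name:17} {flow[1]} -> {flow[2]:13} via {egress(rules, *flow)}")
```
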

