Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Arcam
New Contributor

Dual WAN Cascade on FG100D running 5.2.10

Hi Folks,

 

I have 2 WAN connections which I currently use routing policies to send traffic out, I would like to know if it is possible to cascade/overflow traffic from WAN1 to WAN2 when a certain bandwidth is exceeded, for example:

 

WAN1 hits 10Mbs usage and I would like the "excess" traffic to then use WAN2 until the load is reduced on WAN1 at which point WAN1 should be used again.

 

I have come across a number of FG docs which allude to the fact this may be possible but if anyone could point me in the right direction I would be grateful.

 

Thanks

Eddie

3 Solutions
BWiebe
Contributor

ECMP is what you are looking for in this scenario.

 

Looks like Spillover will do what you want.

 

Details here:

 

http://help.fortinet.com/fos50hlp/52data/Content/FortiOS/fortigate-advanced-routing-52/Routing_Advan...

 

and 

 

http://cookbook.fortinet.com/multipath-routing-basics/

 

Thanks,

View solution in original post

MikePruett
Valued Contributor

You don't have to delete the existing WAN ports or anything unless you are wanting to add them to a different zone or something like that.

 

With the existing policies in place (as long as they mirror each other) you can setup ECMP how you want.

View solution in original post

Mike Pruett Fortinet GURU | Fortinet Training Videos
MikePruett
Valued Contributor

Sorry Arcam, I missed the part about spillover. If you just wanted to do dual routes and have it failover when one link fails you are good to go. For the WLLB setup you WILL have to move it over. My apologies. I feel like today is another Monday!

 

A quick way would be to setup WLLB with two interfaces that are not in use. then back up the config and do a find and replace of the members and the policies to make the new WLLB interface go in place. From there you only have the downtime of restoring the new modified config.

View solution in original post

Mike Pruett Fortinet GURU | Fortinet Training Videos
7 REPLIES 7
BWiebe
Contributor

ECMP is what you are looking for in this scenario.

 

Looks like Spillover will do what you want.

 

Details here:

 

http://help.fortinet.com/fos50hlp/52data/Content/FortiOS/fortigate-advanced-routing-52/Routing_Advan...

 

and 

 

http://cookbook.fortinet.com/multipath-routing-basics/

 

Thanks,

Arcam
New Contributor

Thank you, I will give that a go. The only issue is the downtime in setting it up as the current WAN ports need to be deleted along with the policies etc to set it up.

 

Cheers

 

Eddie

MikePruett
Valued Contributor

You don't have to delete the existing WAN ports or anything unless you are wanting to add them to a different zone or something like that.

 

With the existing policies in place (as long as they mirror each other) you can setup ECMP how you want.

Mike Pruett Fortinet GURU | Fortinet Training Videos
Arcam

Hi Mike,

 

I thought it had to be done like this: http://cookbook.fortinet.com/redundant-internet-connections/ before I could setup the overflow part?

MikePruett
Valued Contributor

Sorry Arcam, I missed the part about spillover. If you just wanted to do dual routes and have it failover when one link fails you are good to go. For the WLLB setup you WILL have to move it over. My apologies. I feel like today is another Monday!

 

A quick way would be to setup WLLB with two interfaces that are not in use. then back up the config and do a find and replace of the members and the policies to make the new WLLB interface go in place. From there you only have the downtime of restoring the new modified config.

Mike Pruett Fortinet GURU | Fortinet Training Videos
Arcam

Thanks Mike, that sounds like a plan :)

Toshi_Esumi
Esteemed Contributor III

I want to try this myself too since I didn't know spillover was available. One thing I want to remind is if you have vpn into/out of the FG, dynamic ones might fail if outgoing interface is different from incoming, then you need to set static routes to one interface for static ones to keep outgoing and incoming interface is the same.

Top Kudoed Authors