Afternoon all,
Here is what I want to achieve : I want to use wan1 for my remote branch user's network (internet access and establish VPN to HeadQuarters) I wan to use wan2 for a guest network internet access but I'd also like to use it as a redundant interface to wan1 (with all above's functionnality)
Is this even achievable ?
Any help would be appreciated
Thanks
JF
Forgot to mention that both wan connection providers are dynamic (dhcp -- pppoe)
:)
Yes, this is a very common configuration. I would point you to this cookbook recipe for some step by step on the basics: https://cookbook.fortinet.com/redundant-internet-basic-failover-56/ Apply this as if your branch users were the only network that you cared about.
Note: you can use a Zone to simplify the configuration a bit by adding both WAN interfaces to an "Internet" zone.
https://cookbook.fortinet.com/using-zones-to-simplify-firewall-policies-56/
Then you would additionally need to set up a firewall policy to allow traffic from the guest network to the Internet, and add some policy routing to make sure the guest network could only go out the wan2 interface (under Network -> Policy Routes).
Thanks for the reply lobstercreed... this works perfectly IF my WAN interfaces are static IPs...
This is my issue actually... what if both those links are dynamic (one PPPoE and one DHCP in my case) ?
JF
Does the default gateway you receive from DHCP regularly change? Usually it does not, so you could probably still use static routes once you learned the correct gateways. I think the rest of it would still work fine...you just might have to unset the "Retrieve default gateway from server" option in the Interface configuration once you were set up.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.