Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jgauthier
New Contributor

Dual WAN Configuration question

Afternoon all,

Here is what I want to achieve : I want to use wan1 for my remote branch user's network (internet access and establish VPN to HeadQuarters) I wan to use wan2 for a guest network internet access but I'd also like to use it as a redundant interface to wan1 (with all above's functionnality)

Is this even achievable ?

Any help would be appreciated

Thanks

JF

4 REPLIES 4
jgauthier
New Contributor

Forgot to mention that both wan connection providers are dynamic (dhcp -- pppoe)

:)

lobstercreed

Yes, this is a very common configuration.  I would point you to this cookbook recipe for some step by step on the basics: https://cookbook.fortinet.com/redundant-internet-basic-failover-56/  Apply this as if your branch users were the only network that you cared about.

Note: you can use a Zone to simplify the configuration a bit by adding both WAN interfaces to an "Internet" zone.

https://cookbook.fortinet.com/using-zones-to-simplify-firewall-policies-56/

 

Then you would additionally need to set up a firewall policy to allow traffic from the guest network to the Internet, and add some policy routing to make sure the guest network could only go out the wan2 interface (under Network -> Policy Routes).

jgauthier

Thanks for the reply lobstercreed... this works perfectly IF my WAN interfaces are static IPs...

This is my issue actually... what if both those links are dynamic (one PPPoE and one DHCP in my case) ?

 

JF

lobstercreed

Does the default gateway you receive from DHCP regularly change?  Usually it does not, so you could probably still use static routes once you learned the correct gateways.  I think the rest of it would still work fine...you just might have to unset the "Retrieve default gateway from server" option in the Interface configuration once you were set up.

Labels
Top Kudoed Authors