Hello, I want to ask: I have a FortiGate with 2 internet connections. I want to make WAN 1 for the server database and Active Directory and WAN 2 for clients. The server database and AD are in one segment with the clients. Can I do that with a FortiGate? Please help me.
Go to System > Config > Features and set Advanced Routing to On.
Go to Router > Static > Policy Routes and click Create New.
- Protocol: Any
- Incoming Interface: internal
- Source Address / Mask: Your IPs which go to wan1
- Destination Address / Mask: 0.0.0.0/0
Then:
- Outgoing Interface: wan1
- Gateway Address: as needed
Repeat the step above with wan2.
Hello,
gschmitt is right.
In case you cannot configure the gateway for the policy routes, you have to make sure to have two default routes for both wan interfaces with the same distance. If you configure a better (=smaller) priority for one of the default routes, then this route would be used by default for outgoing traffic.
Sylvia
Thank you very much for your answer, I will try it.
Yes, the above solution would work.
Along with that, having a link fail detection applied makes it more reliable.
The KB article below explains how to do it:
http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD35080
Hope that helps.
Hello,
At the moment we have only 1 WAN, so all the traffic goes through wan 1.
In the near future we will add the second WAN.
We want the same: the server with a fixed IP will keep going through the old wan1 and users' traffic will go through the new wan2.
Is there no need to change any policies in Policy -> Policy? All the policies there at the moment refer only to wan1.
Thanks, Francesco
Hello,
When you get the second WAN, you need the below:
- A default route via Wan2 (with equal distance and priority)
- A policy route with the server as the source address and destination as 0.0.0.0 via WAN1
- Another Firewall policy from Lan to WAN2 allowing the whole local subnet
vjoshi wrote:
Hello,
When you get the second WAN, you need the below:
- A default route via Wan2 (with equal distance and priority)
- A policy route with the server as the source address and destination as 0.0.0.0 via WAN1
- Another Firewall policy from Lan to WAN2 allowing the whole local subnet
Many Thanks!
In this way, servers will be forced to use wan 1 and all the other IP addresses will use wan2? Or both WANs?
With the above config, Server will always use wan1, and users can use both WAN1 and WAN2.
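The two configurations discussed in this thread, as an added example that is not part of any poster's reply or Fortinet's own code: a simplified Python model of the egress decision (source-based policy routes checked first, top down, then the default routes compared by distance and priority). The addresses and names such as `egress`, `SERVER_ONLY` and `SPLIT` are constructed for illustration.

```python
import ipaddress

def egress(src_ip, policy_routes, default_routes):
    """Return the sorted WAN interfaces a source IP may leave through.

    Simplified model (an assumption, not FortiOS code): policy routes are
    checked first, top down, by source address; if none matches, the default
    routes with the lowest distance, then the lowest priority value, are
    used, and a tie means both links are eligible.
    """
    src = ipaddress.ip_address(src_ip)
    for net, out_if in policy_routes:
        if src in ipaddress.ip_network(net):
            return [out_if]
    if not default_routes:
        return []
    best = min((r["distance"], r["priority"]) for r in default_routes)
    return sorted(r["device"] for r in default_routes
                  if (r["distance"], r["priority"]) == best)

# Constructed addressing: LAN 192.168.1.0/24 with the server at .10
SERVER = "192.168.1.10/32"
LAN = "192.168.1.0/24"

# Two default routes with equal distance and priority.
EQUAL_DEFAULTS = [
    {"device": "wan1", "distance": 10, "priority": 0},
    {"device": "wan2", "distance": 10, "priority": 0},
]

# Variant A: only the server is pinned to wan1 by a policy route.
SERVER_ONLY = [(SERVER, "wan1")]

# Variant B: the policy route is repeated for wan2 to cover the rest of
# the LAN. The server entry must come first because the LAN contains it.
SPLIT = [(SERVER, "wan1"), (LAN, "wan2")]

if __name__ == "__main__":
    for name, rules in (("server-only", SERVER_ONLY), ("split", SPLIT)):
        for host in ("192.168.1.10", "192.168.1.50"):
            print(name, host, egress(host, rules, EQUAL_DEFAULTS))
```

In variant A a client address resolves to both links, while variant B confines clients to wan2; reversing the order of the two entries in `SPLIT` would send the server out of wan2 as well.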
Hi;
I have one internal network and 2 internet connections.
Internal(LAN): 172.17.10.0/24
Wan1: 37.152.162.17
Wan2: Wimax modem (with no static IP)
I want 3 users of my LAN to use only Wan 1, and the other users to use only Wan2.
I tried the above solutions, but they don't work for me!!
Our company had MikroTik before purchasing a FortiGate; this feature is easy to configure in MikroTik with NAT, firewall rule and mangle.
Can you help me with this?
Thank you