tronton_team
New Contributor

Dual WAN separate traffic

Hello, I want to ask: I have a FortiGate with 2 internet connections. I want to use WAN 1 for the server database and Active Directory and WAN 2 for the clients; the server database and AD are in one segment with the clients. Can I do that with a FortiGate? Please help me.

gschmitt
Valued Contributor

Go to System > Config > Features and set Advanced Routing to On

Go to Router > Static > Policy Routes and click Create New

Protocol: Any
Incoming Interface: internal
Source Address / Mask: Your IPs which go to wan1
Destination Address / Mask: 0.0.0.0/0

Then:

Outgoing Interface: wan1
Gateway Address: as needed

Repeat the step above with wan2

Sylvia

Hello,

gschmitt is right.

In case you cannot configure the gateway for the policy routes, you have to make sure to have two default routes for both wan interfaces with the same distance. If you configure a better (=smaller) priority to one of the default routes, then this route would be used by default for outgoing traffic.

Sylvia

tronton_team

Thank you very much for your answer, I will try it.

vjoshi_FTNT
Staff

Yes, the above solution would work.

Along with that, having a link fail detection applied makes it more reliable.

The KB article below explains how to do it:

http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD35080

Hope that helps.

francesco73
New Contributor

Hello,

At the moment we have only 1 WAN, so all the traffic goes through wan 1.

In the near future we will add the second WAN.

We want the same: the server with a fixed IP will keep going through the old wan1 and users' traffic will go through the new wan2.

Is there no need to change any policies in Policy->Policy? All the policies there at the moment refer only to wan1.

Thanks, Francesco

vjoshi_FTNT
Staff

Hello,

When you get the second WAN, you need the below:

- A default route via Wan2 (with equal distance and priority)

- A policy route with the server as the source address and destination as 0.0.0.0 via WAN1

Another Firewall policy from Lan to WAN2 allowing the whole local subnet

francesco73

vjoshi wrote:

Hello,

When you get the second WAN, you need the below:

- A default route via Wan2 (with equal distance and priority)

- A policy route with the server as the source address and destination as 0.0.0.0 via WAN1

Another Firewall policy from Lan to WAN2 allowing the whole local subnet

Many thanks!

In this way servers will be forced to use wan 1 and all the other IP addresses will use wan2? Or both WANs?

vjoshi_FTNT

With the above config, Server will always use wan1, and users can use both WAN1 and WAN2.

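Added example, not part of the original thread and not Fortinet code: a small Python model of the route selection the replies above describe, assuming policy routes are matched top-down before the routing table and that default routes tied on distance and priority both stay active. The addresses, class names and function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class PolicyRoute:            # checked top-down, before the routing table
    src: str                  # source network
    out_if: str               # outgoing interface

@dataclass
class DefaultRoute:           # static 0.0.0.0/0 route
    out_if: str
    distance: int
    priority: int

def egress_candidates(src_ip, policy_routes, default_routes):
    """Interfaces a new session from src_ip may be routed out of."""
    ip = ipaddress.ip_address(src_ip)
    for pr in policy_routes:
        if ip in ipaddress.ip_network(pr.src):
            return {pr.out_if}                     # first matching policy route wins
    if not default_routes:
        return set()
    # Lowest distance is installed; among those, lowest priority is preferred.
    # A tie on both leaves several routes active (ECMP).
    best = min((r.distance, r.priority) for r in default_routes)
    return {r.out_if for r in default_routes if (r.distance, r.priority) == best}

def allowed_egress(src_ip, policy_routes, default_routes, fw_policies):
    """Routing result filtered by firewall policies given as (source network, dstintf)."""
    ip = ipaddress.ip_address(src_ip)
    permitted = {dst for net, dst in fw_policies if ip in ipaddress.ip_network(net)}
    return egress_candidates(src_ip, policy_routes, default_routes) & permitted

# Constructed sample values: LAN 192.168.10.0/24, server at .10, client at .50.
SERVER, CLIENT, LAN = "192.168.10.10", "192.168.10.50", "192.168.10.0/24"
EQUAL = [DefaultRoute("wan1", 10, 0), DefaultRoute("wan2", 10, 0)]
SERVER_PR = [PolicyRoute(SERVER + "/32", "wan1")]
SPLIT_PR = SERVER_PR + [PolicyRoute(LAN, "wan2")]  # second policy route for everyone else
BOTH_FW = [(LAN, "wan1"), (LAN, "wan2")]

if __name__ == "__main__":
    for name, ip in (("server", SERVER), ("client", CLIENT)):
        print(name, "server-only policy route:", sorted(allowed_egress(ip, SERVER_PR, EQUAL, BOTH_FW)))
        print(name, "policy routes for both:  ", sorted(allowed_egress(ip, SPLIT_PR, EQUAL, BOTH_FW)))
    # Old rule set that only references wan1: the client's wan2 route has no matching policy.
    print("client, no LAN->wan2 policy:", sorted(allowed_egress(CLIENT, SPLIT_PR, EQUAL, [(LAN, "wan1")])))
```

With only the server policy route, the client can leave by either WAN; adding a second policy route for the rest of the LAN pins it to wan2, and that path only passes traffic once a LAN-to-wan2 firewall policy exists.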

r4ptor

Hi,

I have one internal network and 2 internet connections.

Internal (LAN): 172.17.10.0/24

Wan1: 37.152.162.17

Wan2: WiMAX modem (with no static IP)

I want 3 users of my LAN to use only Wan 1, and the other users to use only Wan2.

I tried the above solutions, but they don't work for me!!

Our company had MikroTik before purchasing a FortiGate; this feature is easy to configure in MikroTik with NAT, firewall rule and mangle.

Can you help me with this?

Thank you
