Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
recha
New Contributor III

Dual WAN with no Load balancing

hi everyone :)

 

i've got an issue on a ha fortigate 200D (5.0.10) with dual wan access.

(This two access are operational).

I would like to have some computers from my lan to go through Wan1 and other computers from my lan to go through Wan2.

I have 2 static route 0.0.0.0 for each wan access (same distance, but several priority)

 

I thought that just with policy (for example Src LAN 192.168.87.1 Dst Wan1 all and Src LAN 192.168.87.2 Dst Wan2 all) it was enough to get it work, but i doesn't...

Furthermore, i would like that in case of an wan access unavailable, all trafic will go through the wan available... if possible.

 

I don't know if my explanation are understandable (sorry for my bad english), but if someone has a configuration, close of this one, working, i will be very glad to listen him :)

 

Thanks in advance!

 

 

 

8 REPLIES 8
vjoshi_FTNT
Staff
Staff

Hello,

For loadbalancing the wan link, you have 2 options :

1) Dynamic 2) Manual

Dynamic:

- You need to have both default routes with same distance and priority

- Then choose the ecmp method under :

config system settings

set v4-ecmp-mode {source-ip-based | usage-based | weight-based}  -->> by default it is source-ip-based

end

 

Manual:

- No need to make any changes to your existing setup

- Just add a policy route from the PC's which you want to be using WAN2 (with gateway 0.0.0.0)

(Src:LAN PC / Destination : any / Interface : Wan2)

 

For the wan link failover, you need to configure a ping server with the below commands:

 

config router gwdetect

edit 0

set interface <interface_name> set server <Any_IP_which is pingable on Internet>

end

Below KB article explains it in detail :

http://kb.fortinet.com/kb...amp;externalId=FD35080

 

Hope that helps

recha
New Contributor III

Thanks for your reply :)

 

vjoshi wrote:

Manual:

- No need to make any changes to your existing setup

- Just add a policy route from the PC's which you want to be using WAN2 (with gateway 0.0.0.0)

(Src:LAN PC / Destination : any / Interface : Wan2)

My issue is exactly here... i was in that configuration... but none computer could go through wan2.... no problem for the wan1.

 

I'm desperate...

Thanks again for your help vjoshi

vjoshi_FTNT

- Make sure that there is internet through Wan2

- Check the routing > monitor and verify if you have a default route exists via wan2

- As I mentioned add a policy route :

 

Create a policy based route by clicking on System > Router > Policy Route >

Create New>

 

Source Interface - Internal;

Source Address :Test PC IP

Destination Address - ANY(0.0.0.0/0.0.0.0);

Outgoing Interface: Wan2;

Gateway: 0.0.0.0;

 

If you still have issues, get the output of the command :

 

#get router info routing-table databaase

#And you can even sniff the traffic with the command 'diag sniff packet any 'host 8.8.8.8 and icmp' 4 and do ping from the test pc to 8.8.8.8 and get first 4 lines of the output

vjoshi_FTNT

Also, make sure that NAT is enabled on the Firewall policy from Internal to Wan2

recha
New Contributor III

Yes, it was like that exactly :)

 

i will re-test it thursday.

thx vjoshi :)

nasa007
New Contributor

hi, have you solve your problem??

I am in same situation.

recha
New Contributor III

nasa007 wrote:

hi, have you solve your problem??

I am in same situation.

In my case, i had to use the policy route.

 

Without it, i was only able to go through one wan.

 

venkat_971

Hello Recha,

 

Is ur issue sorted. I do face the same concern.

Regards,

Venkat.k

Regards, Venkat.k
Top Kudoed Authors