Hi everyone :)
I've got an issue on an HA FortiGate 200D (5.0.10) with dual WAN access.
(These two accesses are operational.)
I would like to have some computers from my LAN go through Wan1 and other computers from my LAN go through Wan2.
I have 2 static routes 0.0.0.0, one for each WAN access (same distance, but different priorities).
I thought that just with policies (for example Src LAN 192.168.87.1 Dst Wan1 all and Src LAN 192.168.87.2 Dst Wan2 all) it was enough to get it to work, but it doesn't...
Furthermore, I would like, in case one WAN access is unavailable, all traffic to go through the available WAN... if possible.
I don't know if my explanation is understandable (sorry for my bad English), but if someone has a working configuration close to this one, I will be very glad to listen to him :)
Thanks in advance!
Hello,
For load balancing the WAN link, you have 2 options:
1) Dynamic 2) Manual
Dynamic:
- You need to have both default routes with the same distance and priority
- Then choose the ECMP method under:
    config system settings
        set v4-ecmp-mode {source-ip-based | usage-based | weight-based}
    end
  (by default it is source-ip-based)
Manual:
- No need to make any changes to your existing setup
- Just add a policy route for the PCs which you want to be using WAN2 (with gateway 0.0.0.0)
(Src: LAN PC / Destination: any / Interface: Wan2)
For the WAN link failover, you need to configure a ping server with the commands below:
    config router gwdetect
        edit 0
            set interface <interface_name>
            set server <Any_IP_which is pingable on Internet>
    end
The KB article below explains it in detail:
http://kb.fortinet.com/kb...amp;externalId=FD35080
Hope that helps
Thanks for your reply :)
vjoshi wrote:
Manual:
- No need to make any changes to your existing setup
- Just add a policy route from the PC's which you want to be using WAN2 (with gateway 0.0.0.0)
(Src:LAN PC / Destination : any / Interface : Wan2)
My issue is exactly here... I was in that configuration... but no computer could go through wan2... no problem for wan1.
I'm desperate...
Thanks again for your help vjoshi
- Make sure that there is internet through Wan2
- Check Routing > Monitor and verify that a default route exists via wan2
- As I mentioned add a policy route :
Create a policy based route by clicking on System > Router > Policy Route >
Create New>
Source Interface - Internal;
Source Address :Test PC IP
Destination Address - ANY(0.0.0.0/0.0.0.0);
Outgoing Interface: Wan2;
Gateway: 0.0.0.0;
If you still have issues, get the output of the command:
    # get router info routing-table database
You can even sniff the traffic with the command:
    # diag sniff packet any 'host 8.8.8.8 and icmp' 4
then ping 8.8.8.8 from the test PC and get the first 4 lines of the output.
Also, make sure that NAT is enabled on the Firewall policy from Internal to Wan2
Yes, it was exactly like that :)
I will re-test it Thursday.
Thx vjoshi :)
Hi, have you solved your problem??
I am in the same situation.
nasa007 wrote:
hi, have you solved your problem??
I am in the same situation.
In my case, I had to use the policy route.
Without it, I was only able to go through one WAN.
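
An added illustration, not part of any post in this thread and not Fortinet code: a simplified Python model of the lookup order the replies above rely on. Policy routes are checked first and used only while their outgoing interface still has a route; otherwise the routing table decides by distance, then priority, and routes on a link the ping server has declared dead are removed. The distance and priority values and all function names are assumptions made for the example.

```python
from ipaddress import ip_address, ip_network

# Constructed sample values; interface names and addresses follow the thread.
STATIC_ROUTES = [  # (destination, interface, distance, priority)
    ("0.0.0.0/0", "wan1", 10, 0),   # lower priority value = preferred
    ("0.0.0.0/0", "wan2", 10, 10),
]
POLICY_ROUTES = [  # (source, destination, outgoing interface); first match wins
    ("192.168.87.2/32", "0.0.0.0/0", "wan2"),
]

def active_routes(routes, dead_links):
    """Routes left in the table after the ping server marked dead_links down."""
    return [r for r in routes if r[1] not in dead_links]

def egress(src, dst, policy_routes=POLICY_ROUTES, dead_links=()):
    """Return the interface a packet leaves on, or None if it is unroutable."""
    table = active_routes(STATIC_ROUTES, set(dead_links))
    s, d = ip_address(src), ip_address(dst)
    # 1. Policy routes come before the routing table, but a match is skipped
    #    when its outgoing interface has no active route to the destination.
    for p_src, p_dst, oif in policy_routes:
        if s in ip_network(p_src) and d in ip_network(p_dst):
            if any(r[1] == oif and d in ip_network(r[0]) for r in table):
                return oif
    # 2. Routing table: longest prefix, then lowest distance, then priority.
    matches = [r for r in table if d in ip_network(r[0])]
    if not matches:
        return None
    best = min(matches, key=lambda r: (-ip_network(r[0]).prefixlen, r[2], r[3]))
    return best[1]

if __name__ == "__main__":
    for label, kwargs in [
        ("firewall policies only", {"policy_routes": []}),
        ("with policy route", {}),
        ("wan2 link dead", {"dead_links": ["wan2"]}),
        ("wan1 link dead", {"dead_links": ["wan1"]}),
    ]:
        for host in ("192.168.87.1", "192.168.87.2"):
            print(f"{label:24} {host} -> {egress(host, '8.8.8.8', **kwargs)}")
```

In this model the firewall policies never appear: they only permit or deny traffic on the interface pair that routing has already chosen, which is why a policy for LAN to Wan2 alone does not move any host onto Wan2.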
Hello Recha,
Is your issue sorted? I face the same concern.
Regards,
Venkat.k