Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Fatboydrunk
New Contributor

Dual Wan destination routing

I have a FG 100D running v5.2.9

I have 2 WAN connections connected.

Is it possible to route traffic to a certain IP address over the 2nd WAN link, and use the 1st WAN for all other traffic?

I have tried but can't get this to work, do I just use static routes or policy routes?

Also the traffic over the 2nd WAN needs to be source NAT'd

 

Any help would be great

2 Solutions
ede_pfau
Esteemed Contributor III

Yes this is possible with static routes alone.

1- wan2 traffic

create a static route with destination '<remotehost_IP>/32', i.e. a host route. Point it to wan2.

2- internet traffic

create a static default route: '0.0.0.0/0', pointing to wan1.

 

Create the corresponding policies.

Traffic to the remotehost will follow the more specific route to wan2 while traffic to all other (unknown) destinations will be routed to wan1.


Ede

"Kernel panic: Aiee, killing interrupt handler!"

View solution in original post

Ede"Kernel panic: Aiee, killing interrupt handler!"
rwpatterson
Valued Contributor III

RedMt wrote:

It is definitely possible with static routes. In routing, the more specifically defined route always takes precedence. So if you set it up like this:

 

Set a default route (0.0.0.0/0) pointed over WAN2

Set specific routes (8.8.8.8/32 or 192.168.0.0/16 or whatever) over WAN1

 

It should do what you want. Because the more specific routes take precedence, any specifically defined route will go where you point them over WAN1. Anything not specifically defined will use the default route going over WAN2. Remember to set up whatever policies are necessary to allow the traffic to traverse whatever route you want it to use. Also, NAT is configured in the policy.

 

Hope this helps!

Not quite accurate. There are fields for priority and distance that determine the route taken. All that equal, then yes, the more specifically defined route will take precedence.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

View solution in original post

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
5 REPLIES 5
ede_pfau
Esteemed Contributor III

Yes this is possible with static routes alone.

1- wan2 traffic

create a static route with destination '<remotehost_IP>/32', i.e. a host route. Point it to wan2.

2- internet traffic

create a static default route: '0.0.0.0/0', pointing to wan1.

 

Create the corresponding policies.

Traffic to the remotehost will follow the more specific route to wan2 while traffic to all other (unknown) destinations will be routed to wan1.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
RedMt
New Contributor

It is definitely possible with static routes. In routing, the more specifically defined route always takes precedence. So if you set it up like this:

 

Set a default route (0.0.0.0/0) pointed over WAN2

Set specific routes (8.8.8.8/32 or 192.168.0.0/16 or whatever) over WAN1

 

It should do what you want. Because the more specific routes take precedence, any specifically defined route will go where you point them over WAN1. Anything not specifically defined will use the default route going over WAN2. Remember to set up whatever policies are necessary to allow the traffic to traverse whatever route you want it to use. Also, NAT is configured in the policy.

 

Hope this helps!

Fatboydrunk

Thanks guys this is working now.

Problem I had was that I was given the incorrect GW from the ISP

rwpatterson
Valued Contributor III

RedMt wrote:

It is definitely possible with static routes. In routing, the more specifically defined route always takes precedence. So if you set it up like this:

 

Set a default route (0.0.0.0/0) pointed over WAN2

Set specific routes (8.8.8.8/32 or 192.168.0.0/16 or whatever) over WAN1

 

It should do what you want. Because the more specific routes take precedence, any specifically defined route will go where you point them over WAN1. Anything not specifically defined will use the default route going over WAN2. Remember to set up whatever policies are necessary to allow the traffic to traverse whatever route you want it to use. Also, NAT is configured in the policy.

 

Hope this helps!

Not quite accurate. There are fields for priority and distance that determine the route taken. All that equal, then yes, the more specifically defined route will take precedence.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
RedMt

Well said, Bob. 

Labels
Top Kudoed Authors