I have a FG 100D running v5.2.9.
I have 2 WAN connections connected.
Is it possible to route traffic to a certain IP address over the 2nd WAN link, and use the 1st WAN for all other traffic?
I have tried but can't get this to work. Do I just use static routes or policy routes?
Also, the traffic over the 2nd WAN needs to be source NAT'd.
Any help would be great.
Yes, this is possible with static routes alone.
1- wan2 traffic
Create a static route with destination '<remotehost_IP>/32', i.e. a host route. Point it to wan2.
2- internet traffic
Create a static default route: '0.0.0.0/0', pointing to wan1.
Create the corresponding policies.
Traffic to the remotehost will follow the more specific route to wan2 while traffic to all other (unknown) destinations will be routed to wan1.
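The setup described in this answer, written out as FortiOS CLI together with the source NAT the question asks for. This is an added example, not part of the original post: the addresses, gateways and the LAN interface name `port1` are constructed placeholders, and a policy for ordinary wan1 traffic is assumed to exist already.

```fortios
# Added example. All addresses, gateways and the "port1" LAN interface
# are constructed placeholders, not values from the thread.
config router static
    edit 0
        # Host route: only the remote host leaves via wan2
        set dst 203.0.113.10 255.255.255.255
        set gateway 192.0.2.1
        set device "wan2"
    next
    edit 0
        # Default route: everything else leaves via wan1
        set dst 0.0.0.0 0.0.0.0
        set gateway 198.51.100.1
        set device "wan1"
    next
end
config firewall address
    edit "remotehost"
        set subnet 203.0.113.10 255.255.255.255
    next
end
config firewall policy
    edit 0
        # Scoped to the single remote host rather than "all" destinations
        set srcintf "port1"
        set dstintf "wan2"
        set srcaddr "all"
        set dstaddr "remotehost"
        set action accept
        set schedule "always"
        set service "ALL"
        # Source NAT to the wan2 interface address
        set nat enable
    next
end
# Check that both routes are installed, then watch the traffic leave wan2
get router info routing-table all
diagnose sniffer packet wan2 'host 203.0.113.10' 4
```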
It is definitely possible with static routes. In routing, the more specifically defined route always takes precedence. So if you set it up like this:
Set a default route (0.0.0.0/0) pointed over WAN2
Set specific routes (8.8.8.8/32 or 192.168.0.0/16 or whatever) over WAN1
It should do what you want. Because the more specific routes take precedence, any specifically defined route will go where you point them over WAN1. Anything not specifically defined will use the default route going over WAN2. Remember to set up whatever policies are necessary to allow the traffic to traverse whatever route you want it to use. Also, NAT is configured in the policy.
Hope this helps!
Thanks guys this is working now.
Problem I had was that I was given the incorrect GW from the ISP.
RedMt wrote:
> It is definitely possible with static routes. In routing, the more specifically defined route always takes precedence. So if you set it up like this:
> Set a default route (0.0.0.0/0) pointed over WAN2
> Set specific routes (8.8.8.8/32 or 192.168.0.0/16 or whatever) over WAN1
> It should do what you want. Because the more specific routes take precedence, any specifically defined route will go where you point them over WAN1. Anything not specifically defined will use the default route going over WAN2. Remember to set up whatever policies are necessary to allow the traffic to traverse whatever route you want it to use. Also, NAT is configured in the policy.
> Hope this helps!
Not quite accurate. There are fields for priority and distance that determine the route taken. All that equal, then yes, the more specifically defined route will take precedence.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Well said, Bob.