Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Holiday badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiGuest
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPhish
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiWAN
- FortiVoice
- FortiWeb
- FortiAppSec Cloud
- Lacework
- RMA Information and Announcements
- Wireless Controller
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- Duplicate static route entries causing dual WAN p...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Not applicable
Created on 04-17-2010 05:01 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Duplicate static route entries causing dual WAN problems
FortiGate 80C with v4.0,build0196,100319 (MR1 Patch 4) installed.
I have configured dual WAN PPPoE following various instructions and posts on these forums (took a while to get it right) and it has been working ok. However every now and then I find that traffic is not flowing through the preferred connection. When this happens I notice in the Web UI that there are duplicate static entries for one of the PPPoE connections.
e.g.
Static 0.0.0.0/0 5 0 150.101.a.b ppp0
Static 0.0.0.0/0 5 0 203.55.x.y ppp1
Static 0.0.0.0/0 5 0 203.55.x.y ppp1
Sometimes rebooting the router clears this but not always, and I don' t want to have to check this and to reboot the router all the time. I have tried swapping modems, but this doesn' t seem to make any difference.
I really like this router (and to sell them) but I am finding the dual WAN side of this device difficult to configure correctly and unreliable when you do configure it. Can anyone offer any suggestions why this is happened and what to do?
These are the settings I have set to make dual WAN PPPoE work (Dopes it matter which number is which?).
config router static
edit 2
set device " wan1"
set distance 5
set dynamic-gateway enable
set priority 10
set weight 35
next
end
config router static
edit 1
set device " wan2"
set distance 5
set dynamic-gateway enable
set priority 20
set weight 35
next
end
NB: I also have problems with YouTube and previewing iTunes songs from iPhones and iPod Touches when going through the preferred Internet connection, but not the secondary but that may be an ISP Issue so just mentioned just in case it triggers a thought from someone.
8 REPLIES 8
Not applicable
Created on 04-17-2010 05:07 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This was meant to go into the Routing subforum, not sure how it ended up in Firewall... can it be moved?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ORIGINAL: Meppy This was meant to go into the Routing subforum, not sure how it ended up in Firewall... can it be moved?i guess not; but you can delete your own post and repost it in an appropiate forum
regards
/ Abel
regards
/ Abel
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If your both interfaces are defined as pppoe, define the ' priority' parameter within the interface configuration itself.
config system interface
edit wanX
set prioritu <value
next
end
regards
/ Abel
regards
/ Abel
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks I will try that, it seems I need to write a basic how to article on setting up dual WAN PPPoE properly as the information seems to be spread around and I am still unclear on the effects and consequences of each setting.
I am not sure changing a priority will fix this? The whole duplicate route entries seems like a bug or misconfiguration somewhere to me.
Not applicable
Created on 04-18-2010 12:56 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Well the duplicate route has re-appeared but the connections are still using the perferred route, but that is because the secondary route with the duplicate entries is not working.
I obviously need to raise a support request with FortiNet about this.
Also there was no option for me to delete my original post.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ORIGINAL: Meppy Well the duplicate route has re-appeared but the connections are still using the perferred route, but that is because the secondary route with the duplicate entries is not working.Why did you define those 2 static routes ? Generally, if you check ' Retrieve default gateway from server' box, you' ll obtain both correct default routes for your PPPoE; if you' re under doublewan scenario, be sure that ' Distance' box has the same value for both. For priority setting, see my above post
Also there was no option for me to delete my original post.if you' re logged in the forum with your account, you could delete your own posts using the ' x' icon up right.
regards
/ Abel
regards
/ Abel
Not applicable
Created on 04-18-2010 06:46 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I defined those because ECMP wasn' t originally working properly and after asking questions and searching and reading KBs and other posts (http://support.fortinet.com/forum/tm.asp?m=49665&p=1&tmode=1&smode=1).
I need it to work so that it uses one connection by default unless I have specific rules that direct traffic to one or other of the connections, but to also handle things when one of the connections fails.
There does not seem to be any clear consensus or official instructions on how to set this up when using PPPoE so that it works properly.
My problem of it randomly creating a duplicate static entry either means I am doing something wrong or there is a bug (or both).
There is no red cross next to the original post, maybe once it is replied to I am stuck.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I need it to work so that it uses one connection by default unless I have specific rules that direct traffic to one or other of the connections, but to also handle things when one of the connections fails.Re-try first with the simpler approach: - define your both pppoe with the same distance value (don' t use default value 1) in the interface' s itself ' distance' box - check ' Retrieve default gateway from server' box in both. - don' t add more static routes at all - go to the CLI and write: ' get router info routing-table details' Can you see 2 lines near " S*" via wan1 AND wan2? If so, it' s done, you' ve ecmp working if that' s really you want. If don' t, re-check distances or another setting is making noise. regards,
regards
/ Abel
regards
/ Abel
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Labels
-
FortiGate
8,913 -
FortiClient
1,798 -
5.2
801 -
FortiManager
761 -
5.4
639 -
FortiAnalyzer
574 -
FortiSwitch
489 -
FortiAP
479 -
FortiClient EMS
444 -
6.0
416 -
5.6
362 -
FortiMail
326 -
SSL-VPN
261 -
6.2
251 -
FortiAuthenticator v5.5
234 -
IPsec
225 -
FortiWeb
213 -
FortiNAC
198 -
5.0
196 -
FortiGuard
141 -
6.4
128 -
SD-WAN
120 -
FortiAuthenticator
114 -
FortiGateCloud
102 -
FortiSIEM
99 -
FortiCloud Products
99 -
FortiToken
92 -
Firewall policy
89 -
Wireless Controller
82 -
Customer Service
81 -
4.0MR3
64 -
FortiProxy
64 -
High Availability
62 -
Fortivoice
58 -
FortiADC
54 -
FortiEDR
53 -
VLAN
53 -
ZTNA
53 -
Routing
49 -
DNS
48 -
FortiExtender
46 -
FortiSandbox
44 -
FortiDNS
42 -
BGP
42 -
LDAP
42 -
SAML
40 -
RADIUS
39 -
Authentication
39 -
Certificate
38 -
NAT
37 -
FortiGate v5.4
35 -
SSO
35 -
FortiSwitch v6.4
34 -
VDOM
33 -
Interface
32 -
FortiConnect
31 -
FortiLink
31 -
Application control
29 -
FortiWAN
27 -
Web profile
27 -
FortiGate-VM
26 -
Logging
26 -
Virtual IP
26 -
FortiConverter
25 -
FortiGate v5.2
24 -
FortiPAM
23 -
SSL SSH inspection
23 -
FortiPortal
20 -
FortiSwitch v6.2
19 -
Fortigate Cloud
19 -
FortiMonitor
18 -
Traffic shaping
18 -
SSID
17 -
OSPF
16 -
Automation
16 -
WAN optimization
16 -
FortiDDoS
15 -
SNMP
15 -
Static route
15 -
System settings
15 -
FortiGate v5.0
14 -
FortiSOAR
14 -
Web application firewall profile
14 -
IP address management - IPAM
14 -
Admin
13 -
FortiCASB
12 -
Security profile
12 -
FortiManager v5.0
11 -
FortiRecorder
11 -
IPS signature
11 -
Proxy policy
11 -
FortiManager v4.0
10 -
FortiBridge
10 -
FortiAP profile
10 -
Intrusion prevention
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
Traffic shaping policy
9 -
FortiDeceptor
8 -
RMA Information and Announcements
8 -
DNS filter
8 -
Port policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
Explicit proxy
7 -
Antivirus profile
7 -
Fabric connector
7 -
Web rating
7 -
Fortinet Engage Partner Program
7 -
FortiToken Cloud
6 -
API
6 -
trunk
6 -
Packet capture
6 -
Traffic shaping profile
6 -
FortiCarrier
5 -
FortiTester
5 -
Users
5 -
Authentication rule and scheme
5 -
Email filter profile
5 -
3.6
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
DLP sensor
4 -
Netflow
4 -
TACACS
4 -
Replacement messages
4 -
Service
4 -
Cloud Management Security
4 -
FortiDB
3 -
FortiHypervisor
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Protocol option
3 -
SDN connector
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Schedule
2 -
Multicast policy
2 -
Zone
2 -
Vulnerability Management
2 -
FortiGuest
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1759 | |
| 1116 | |
| 766 | |
| 447 | |
| 242 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.