Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
koxle
New Contributor

Created on ‎01-03-2021 10:02 PM

Dynamic gateway on Policy-based routing?

Hi all,

 

I have a broadband(PPPoE) installed for the Guest VLAN.

And I would like to set a policy-based routing for the Guest VLAN default gateway.

But I found that I can't set the gateway as a dynamic gateway(from PPPoE).

Is there any solution to do the same thing?

 

5113
0 Kudos
3 REPLIES 3
Toshi_Esumi
SuperUser
SuperUser

Created on ‎01-04-2021 08:02 AM

I don't understand what you are saying. The PPPoE is on WAN side, and the Guest VLAN is on LAN side. Why does the VLAN clients' GW needs to be dynamic?

3979
0 Kudos
koxle
New Contributor
In response to Toshi_Esumi

Created on ‎01-04-2021 09:16 AM

I have two WAN connections(1 Fixed IP connection and 1 PPPoE connection) for Staff and guests.

 

Staff network(Default van no tag) Guest network(Guest VLAN tag 100 - 192.168.100.0/24)

 

So I have to set 2 default routes in the Fortigate.

The gateway of the fixed IP connection will be the first priority default route(smallest Administrative Distance). For the second default route, if I set this via static route, I can simply select "Dynamic gateway" to let Fortigate get the gateway IP via PPPoE.

But it makes the second WAN become a redundant WAN but not a WAN for the guest VLAN.

 

Then, I tried to set a policy-based route as per below:

 

It makes all guests have internet access via the Guest wan(PPPoE).

But the problem is that the gateway may be changed.

 

Therefore, I am looking for a solution to set the gateway address to be a dynamic address(from PPPoE).

 

3979
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to koxle

Created on ‎01-04-2021 11:09 AM

There are two issues you need to address.

1. you need to have two default routes on the routing table to have two groups of users to use separate wan interfaces/default routes.  For that, you can't use different admin distances/costs for the wan interfaces/default routes. You need to use "priority" on static default routes. A smaller number has a higher priority.

To do this, you need to disable default route injection on the PPPoE interface. You might need to use CLI.

   set defaultgw diable

2. you now can use a policy-route to direct Guest users toward the secondary wan while all others use the primary wan.

 

Or better yet, put them in SD-WAN and you can control which one to use based on rules more granularly.

3979
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.