I have a Fortigate with 2 ISP connections, and 2 firewall policies.
Firewall Policy 1 - to send traffic from internal LAN to ISP A (ID 6)
Firewall Policy 2 - to send traffic from internal LAN to ISP B (ID 12)
Right now Fortigate seems to always select Policy2/ISP B, even if I change the sequence of the policies.
The only way I can get it to use ISP A, is to disable the port for ISP B.
I tried creating a static route to use ISP A, but that creates a whole different issue. Certain computers cannot connect to the internet and Windows troubleshooter points to a DNS issue, while some computers have no problems at all. The few computers that had this problem were Windows 7. Not sure if that's a coincidence.
So my question is, is there another way for Fortigate to prioritize one Firewall Policy over the other?
Yes, I'm using DHCP on ISP-B. Static on ISP-A.
In this situation, is there anything we can do to get it to use ISP-A? Other than a static route, is there any other way?
Since ISP-B is using static IP, we need to configure a static or policy route via this interface with a higher preference value.
Once configured, please collect "get router info routing-table details 0.0.0.0" from the CLI to confirm the ISP-B route is preferred.
OK.
This is my interface for ISP-A. Should I Override internal DNS? I remember having some PCs with DNS issues the other day when I enabled static route. In all my PCs and in the Fortigate DNS settings it is 8.8.8.8.
If this DNS works fine for you, then try enabling the override internal DNS option.
Ideally 8.8.8.8 as DNS should work.
Copyright 2024 Fortinet, Inc. All Rights Reserved.