Not applicable

Fail Over or Load Balancing and or Link Bonding? 60B WAN1, WAN2, PCMCIA

After doing reading on items like peplink products (www.peplink.com) ... multi wan load balancing units which do: Link Aggregation & Load Balance Session Binding / Bonding Lines Fail Over I wasn't too sure as to how FortiGate 60B features work… it says it supports dual WANs, and has a PCMCIA modem but does it provide any features like link aggregation and load balancing or is it only for fail over? Or how does it route traffic; based on service or IP? Does it only activate the PCMCIA link when it sees a WAN failure?

I was really hoping I could use a PCMCIA modem (with DDNS) along with my DSL on WAN 1 for failover, load balancing, and link aggregation for increased bandwidth for things like FTP transfers. Can anyone shed some light as to what it can do? Or am I better off with a dedicated product like the PePLink? I really wanted to use AT&T PCMCIA since we get 3G / HSDPA in our area.
UkWizard
New Contributor

Load balancing on the FortiGates is done by one of two methods:

1. Bending of traffic via multiple links based on any one (or more) matching of: Source IP/Subnet, Dest IP/Subnet, Traffic Type or Service (dest port). So, you could have web traffic using wan1 for example, and everything else on wan2.
2. ECMP - this is basically round robin based on the source address, so internal machines would use alternate links based on whether their IP is an even or odd number.

Fortinets do support modems and having them as backup links or load balancing, but it can get quite complicated. Would recommend you get technical advice from your reseller to ensure it will work as you want it to too. I personally do not have much experience with dialup backup connections, but I know it can be sticky to set up.

Have a look at this thread for more info on ECMP: http://support.fortinet.com/forum/tm.asp?m=41080&appid=&p=&mpage=1&key=load%2Cbalancing&language=single&tmode=&smode=&s=#41125
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
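An added illustration, not part of the original post and not FortiOS code: this Python example models the two selection methods as the reply above describes them, with policy routes checked first and source-address ECMP as the fallback. The rule set, interface names and addresses are constructed, and the policy-first ordering is an assumption of the model.

```python
import ipaddress

# Constructed policy routes (first match wins); a dport of None means "any".
POLICY_ROUTES = [
    {"src": "0.0.0.0/0", "dst": "0.0.0.0/0", "dport": 80, "out": "wan1"},
    {"src": "192.168.1.0/24", "dst": "0.0.0.0/0", "dport": 25, "out": "wan2"},
]
ECMP_LINKS = ["wan1", "wan2"]  # two equal-cost default routes (assumed names)


def policy_route(src, dst, dport):
    """Method 1: return the link of the first matching policy route, else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in POLICY_ROUTES:
        if (s in ipaddress.ip_network(rule["src"])
                and d in ipaddress.ip_network(rule["dst"])
                and rule["dport"] in (None, dport)):
            return rule["out"]
    return None


def ecmp_link(src, links=ECMP_LINKS):
    """Method 2: choose from the source address only (even/odd with two links)."""
    return links[int(ipaddress.ip_address(src)) % len(links)]


def select_link(src, dst, dport):
    """Assumed order: policy routes first, unmatched traffic falls through to ECMP."""
    return policy_route(src, dst, dport) or ecmp_link(src)


def links_used(src, flows):
    """Set of links one host ends up on across several (dst, dport) flows."""
    return {select_link(src, dst, dport) for dst, dport in flows}


if __name__ == "__main__":
    # Constructed FTP flows to documentation-range addresses.
    ftp_flows = [("203.0.113.5", 21), ("203.0.113.5", 20), ("198.51.100.9", 21)]
    for host in ("192.168.1.10", "192.168.1.11"):
        print(host, "FTP ->", links_used(host, ftp_flows))
    print("192.168.1.11 HTTP ->", select_link("192.168.1.11", "203.0.113.5", 80))
```

In this model every FTP flow from one host leaves on the same link, so the balancing spreads hosts across the two WANs rather than adding the links' bandwidth together for a single transfer.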
UkWizard
New Contributor

this might also be useful; http://kc.forticare.com/default.asp?id=376&SID=&Lang=1
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
Not applicable

I opened a ticket anyway and got this... Basically it was a real kick in the rear for me! Not what I wanted to hear.

Link Aggregation only applies for FG800 and higher. 60B can only really Load Balance for WAN1 and WAN2. PCMCIA is only for backup... PCMCIA interface has no DDNS and can NOT accept inbound connections.

This REALLY blows since you cannot even access an SSL VPN or the firewall Admin page! Does not do much good when I have internal mail servers that need to be kept alive. Well… thanks for nothing Fortinet! =)

I should have probably read into it before buying the firewall, but the PCMCIA interface was the only reason I upgraded to the 60B. I could have kept my 60 and saved a few bucks. I hope you are reading this and allow for the features I want in future firmware releases.
UkWizard
New Contributor

I am surprised it cannot accept incoming connections, that sounds odd to me. I would check this with your local Fortinet techie if I was you. I find that hard to believe too, but suspect they meant because it doesn't support DDNS it cannot have incoming connections, which is actually wrong. So I wouldn't give up on it yet, as this might just be a misinterpretation. As even though the unit doesn't support DDNS, there is nothing stopping you having a DDNS client software app running on an internal server, that will update the DDNS with the external IP it's coming from.
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
Not applicable

UKWizard, you are so correct... I could just run a DDNS software client on a computer that always stays on in my office... Would you feel comfortable installing that on an SBS 2003 server or pick a different computer? I try not to install too many things on our main server.

I still have not played with the PCMCIA card... I was asking these questions so I know what to expect. I didn't want to sign a 1-2 year contract with my phone company only to find out I don't like the way it works. Anyone else know if PCMCIA card can accept incoming connections?
abelio

Anyone else know if PCMCIA card can accept incoming connections?
I guess we're talking here about a modem interface PCMCIA like a wireless one (i.e. EVDO 3G). I understand that if you've configured the modem interface as Redundant for a given interface, you should be able to receive the same incoming connections as the replaced one. On the other hand, if the modem interface is defined as standalone, it is an interface with capabilities to send outgoing traffic, make VPN connections, etc., but I cannot see how you could access it remotely.
regards / Abel
Not applicable

We are talking about the modem interface... I am looking at this 3G card like a standard WAN1 internet connection... Using DDNS software on a computer... I can get an IP address for the Modem Interface, and want to connect to it.
abelio

You can configure it as redundant for an existing WANx interface or as standalone. That was the sense of my post above.
regards / Abel
Not applicable

Looks like you cannot edit the modem network interface... even after enabling it I don't get an edit icon. (I don't have a PCMCIA card though... I don't know if that makes a difference.) From the firewall I can see why you can't have DDNS. But this is solved with a software client.

Regardless of Standalone or Redundant... it looks like I can create a policy from Modem to Internal. Also looks like I can select SSL VPN. So from this info... I don't see why I can't receive an incoming connection from Modem to Internal. I just hope these policies are not in place just for backup/failover. I really need to get an AirCard and play with this.