Hello,
I have a FortiGate100F and I applied WAN failover (I have two lines from my ISP): if wan1 disconnects, all traffic goes through wan2.
Now I have connected a new subnet to port10. I need all traffic from port10 to go to wan2, not wan1 (I added a policy to allow traffic from port10 to wan2). When I connect my PC to port10 it gets an IP and DNS (I already enabled DHCP) but there is no Internet. Can anyone help me, please?
@ahmadking22
Good day.
First, you need to make sure that you have a default route entry going to WAN1 and WAN2 in the routing table.
get router info routing-table all
get router info routing-table database
You may need to change the distance and priority.
If routes for the same subnet/prefix have the same distance, both will show in the routing table.
Otherwise, if they have different distances, only the lowest-distance route will show in the routing table.
https://community.fortinet.com/t5/FortiGate/Technical-Note-Routing-behavior-depending-on-distance-an...
After making sure that the WAN1 and WAN2 entries are present, you will need a Policy Route and a Firewall Policy to route the traffic from Port10 to WAN2.
https://docs.fortinet.com/document/fortigate/7.4.4/administration-guide/144044/policy-routes
Hello @ahmadking22 ,
You can create a policy route for this request. A policy route can redirect traffic from port10 to wan2.
https://docs.fortinet.com/document/fortigate/7.4.4/administration-guide/144044/policy-routes
There is no Policy Routes option.
Hello @ahmadking22 ,
Since it is disabled in the feature visibility, it does not appear in the menu. If you turn on advanced routing under the System -> Feature Visibility menu, Policy Routes will appear under the Network menu.
I applied it but I have the same problem: no Internet.
Hello @ahmadking22 ,
Can you share your policy route configuration and run these debug commands? While running these commands can you try to access the internet? After trying can you share the output with us?
Btw, if you try the same destination every try, can you change that?
diagnose debug disable
diagnose debug flow trace stop
diagnose debug flow filter clear
diagnose debug reset
diagnose debug flow filter saddr <YOUR_CLIENT_IP>
diagnose debug flow trace start 100
diagnose debug enable
Many Thanks
I put the same distance for wan1 and wan2. After that I changed the priority for wan2 to 3; all traffic goes to wan1.
After that I put a policy in static route to forward traffic from port10 to wan2. After that I put a policy
in firewall policy to allow traffic from port10 to wan2.
Now everything is fine.
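The setup the thread arrives at, written out as a FortiOS CLI sketch. This is an added example, not configuration posted by anyone in the thread. The gateway addresses (192.0.2.1, 198.51.100.1), the port10 subnet (10.10.10.0/24), the object and policy names, and the entry IDs are constructed placeholders; the `#` lines are annotations, not commands.

```fortios
# Two default routes with the SAME distance so both stay in the routing table.
# The higher priority value on wan2 makes wan1 the preferred path for ordinary traffic.
config router static
    edit 1
        set gateway 192.0.2.1
        set device "wan1"
        set distance 10
    next
    edit 2
        set gateway 198.51.100.1
        set device "wan2"
        set distance 10
        set priority 3
    next
end

# Policy route: anything entering port10 from the new subnet leaves via wan2.
config router policy
    edit 1
        set input-device "port10"
        set src "10.10.10.0/255.255.255.0"
        set dst "0.0.0.0/0.0.0.0"
        set gateway 198.51.100.1
        set output-device "wan2"
    next
end

# Address object so the firewall policy is scoped to the port10 subnet, not "all".
config firewall address
    edit "port10-net"
        set subnet 10.10.10.0 255.255.255.0
    next
end

# Firewall policy: the policy route only picks the egress; this is what permits the flow.
config firewall policy
    edit 0
        set name "port10-to-wan2"
        set srcintf "port10"
        set dstintf "wan2"
        set srcaddr "port10-net"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set action accept
        set nat enable
        set logtraffic all
    next
end
```

After applying it, `get router info routing-table all` should list both default routes, and the `diagnose debug flow` trace from the earlier reply shows which interface and policy a port10 client's traffic actually matches.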
Copyright 2024 Fortinet, Inc. All Rights Reserved.