FortiGate 80C - two ISP no routing

Bart · ‎05-18-2015

Hello,

from few days I try to set up router to using two ISP. I have virtual IP 79.10.10.245->192.168.1.5 on WAN1. I would like to use WAN2 for only one internal IP (192.168.1.15) and others internal IPs should go out via WAN1. I set up WAN2 (outside IP), added static route and police routes. Now the traffic for 192.168.1.15 goes via WAN2 but there is no routing between 192.168.1.15 and virtual IP 79.10.10.245. From 192.168.1.15 I can ping 192.168.1.5 and WAN1 router IP 79.10.10.242 but I can't ping 79.10.10.245.

WAN1 79.10.10.242/28

WAN2 80.10.10.242/28

Mail server IP: 79.10.10.245 /internal 192.168.1.5/

Static route:

WAN1:

destination:0.0.0.0/0.0.0.0

device: wan1

gateway: 79.10.10.241

distance:10

priority:0

WAN1:

destination:0.0.0.0/0.0.0.0

device: wan2

gateway: 80.10.10.241

distance:10

priority:5

Policy routes:

Procotol: all

Inncoming interface: internal

Source: 192.168.1.15

Destination: 0.0.0.0/0.0.0.0

Outgoing interfece: WAN2

Gateway: 80.10.10.241

I would like to ask You to try help me.

Thank You,

Bart.

Rafael_Freire · ‎05-18-2015

Bart wrote:
Hi,

I put to the post.

Bart.

Can you create a police route like bellow, putting the new PBR down of the wan2 policy?

Procotol: all Inncoming interface: internal Source: 0.0.0.0/0.0.0.0 Destination: 0.0.0.0/0.0.0.0 Outgoing interfece: WAN1 Gateway: 79.10.10.241

View solution in original post

ashukla_FTNT · ‎05-18-2015

Make sure the vip is set to interface as any not wan1.

Then create a policy route like following:

Inncoming interface: internal Source: 0.0.0.0/0.0.0.0 Destination: 192.168.1.5/32 Outgoing interfece: internal Gateway: (blank)

Make sure this route is above of the any other policy route as policy routes are executed in sequence.

View solution in original post

Rafael_Freire · ‎05-18-2015

Hello,

I didn't understand all points . Can you post the result of " show static router" and " show router policy" here?

Regards,

Rafael Freire

Bart · ‎05-18-2015

Hi,

I put to the post.

Bart.

Rafael_Freire · ‎05-18-2015

Bart wrote:
Hi,

I put to the post.

Bart.

Can you create a police route like bellow, putting the new PBR down of the wan2 policy?

Procotol: all Inncoming interface: internal Source: 0.0.0.0/0.0.0.0 Destination: 0.0.0.0/0.0.0.0 Outgoing interfece: WAN1 Gateway: 79.10.10.241

Bart · ‎05-18-2015

Didn't help :(

ashukla_FTNT · ‎05-18-2015

Make sure the vip is set to interface as any not wan1.

Then create a policy route like following:

Inncoming interface: internal Source: 0.0.0.0/0.0.0.0 Destination: 192.168.1.5/32 Outgoing interfece: internal Gateway: (blank)

Make sure this route is above of the any other policy route as policy routes are executed in sequence.

Bart · ‎05-18-2015

Guys works perfect !

Solution:

- change virtual ip to any interface

- add policy rutes above all like:

Inncoming interface: internal Source: 0.0.0.0/0.0.0.0 Destination: 192.168.1.5/32 Outgoing interfece: internal Gateway: (blank)

Thank You a lot!

FortiGate 80C - two ISP no routing

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website