FortiWeb Routes Issue
Dear Fortinet Community,
We are currently experiencing challenges with a WAF deployment project using FortiWeb version 7.4.3. Our goal is to migrate several web applications behind FortiWeb, but we have encountered a routing issue due to our network configuration.
In our setup, we have two different FortiGate physical appliances, each configured for separate ISP connections. One FortiGate is connected to a physical port on FortiWeb with a distinct subnet, while the second FortiGate is connected to another physical port on FortiWeb. We have created two different virtual IPs (vIPs) on both FortiWeb ports where each ISP terminates, and we have linked these vIPs to a single virtual server.
Currently, we have configured a default route pointing to one of the ISPs. However, the issue we are facing is that all responses are being routed through the ISP associated with the default route. We have attempted various solutions, including Policy-Based Routing (PBR) and static routes, but none have resolved the issue in this environment.
Given that this firewall setup is in a production environment, we cannot modify the default route. We are seeking advice on potential solutions to ensure that traffic is correctly routed based on the incoming request, rather than defaulting to a single ISP.
For example, let's say you have this config on FWB:
- port1: 10.1.1.10
- port2: 10.2.2.20
- Def GW: 10.1.1.1
- 2nd GW: 10.2.2.1
The policy route would be like this:
If source is 10.2.2.20 then send the packet to GW 10.2.2.1 through port2.
Hi Sheeraz,
Please check if configuring a vzone is possible in your setup. Understanding and Using the 'use-inte... - Fortinet Community should be helpful.
Best regards,
Jin
Hi Sheeraz
I think your solution is to use policy routes on FWB. I always use it in such a scenario.
