Dear Fortinet Community,
We are currently experiencing challenges with a WAF deployment project using FortiWeb version 7.4.3. Our goal is to migrate several web applications behind FortiWeb, but we have encountered a routing issue due to our network configuration.
In our setup, we have two different FortiGate physical appliances, each configured for separate ISP connections. One FortiGate is connected to a physical port on FortiWeb with a distinct subnet, while the second FortiGate is connected to another physical port on FortiWeb. We have created two different virtual IPs (vIPs) on both FortiWeb ports where each ISP terminates, and we have linked these vIPs to a single virtual server.
Currently, we have configured a default route pointing to one of the ISPs. However, the issue we are facing is that all responses are being routed through the ISP associated with the default route. We have attempted various solutions, including Policy-Based Routing (PBR) and static routes, but none have resolved the issue in this environment.
Given that this firewall setup is in a production environment, we cannot modify the default route. We are seeking advice on potential solutions to ensure that traffic is correctly routed based on the incoming request, rather than defaulting to a single ISP.
Hi Sheeraz,
Please check if configuring a vzone is possible in the setup. Understanding and Using the 'use-inte... - Fortinet Community should be helpful.
Best regards,
Jin
Hi Sheeraz
I think your solution is to use policy routes on FWB. I always use them in such scenarios.
For example, let's say you have this config on FWB:
The policy route would be like this:
If source is 10.2.2.20 then send the packet to GW 10.2.2.1 through port2.
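
The source-based lookup described in the reply above, modelled as an added Python example (not part of the original thread and not FortiWeb code). The port1 gateway 10.1.1.1, the port1 VIP 10.1.1.20 and the client 203.0.113.7 are constructed values, and the model assumes policy routes are evaluated before the default route.

```python
import ipaddress
from typing import List, NamedTuple, Optional


class Route(NamedTuple):
    match: str    # CIDR the rule is compared against
    gateway: str  # next-hop address
    oif: str      # outgoing interface


# From the reply: source 10.2.2.20 -> gateway 10.2.2.1 through port2.
POLICY_ROUTES = [Route("10.2.2.20/32", "10.2.2.1", "port2")]
# Constructed: the existing default route towards the FortiGate on port1.
STATIC_ROUTES = [Route("0.0.0.0/0", "10.1.1.1", "port1")]


def _longest_match(routes: List[Route], addr: str) -> Optional[Route]:
    """Return the most specific route whose CIDR contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if ip in ipaddress.ip_network(r.match)]
    return max(hits, key=lambda r: ipaddress.ip_network(r.match).prefixlen,
               default=None)


def next_hop(src: str, dst: str,
             policy_routes: List[Route] = POLICY_ROUTES,
             static_routes: List[Route] = STATIC_ROUTES) -> Optional[Route]:
    """Choose the egress for a reply packet sent from a VIP to a client.

    Policy routes are matched on the SOURCE address (the VIP that received
    the request); anything unmatched falls back to the destination-based
    table, which here holds only the default route.
    """
    return _longest_match(policy_routes, src) or _longest_match(static_routes, dst)


if __name__ == "__main__":
    client = "203.0.113.7"  # constructed client address
    for vip in ("10.1.1.20", "10.2.2.20"):  # 10.1.1.20 is constructed
        before = next_hop(vip, client, policy_routes=[])
        after = next_hop(vip, client)
        print(f"reply from {vip}: default-only -> {before.oif}/{before.gateway}, "
              f"with policy route -> {after.oif}/{after.gateway}")
```

With the policy list empty, replies from both VIPs leave through port1, which is the asymmetric return path described in the question; a stateful firewall on that path has no session for such replies.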