- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fortigate 40F 3 ISP, Just 2 ISP allowed for web access management.
Hello Guys,
We have a client, that has 3 internet providers, they are connected to the ports (WAN, a, lan3), the 3 Links are pinging and working normally, but we can only access 2 of them via HTTPS or SSH to manage, it is necessary to do Can anyone configure it to work on all 3 links or does it really only work on 2? thanks!
- Labels:
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello
Try use diag sniffer to see why it is not working. E.g.:
diag snif packet any 'host x.x.x.x' 4
Where x.x.x.x is the pub IP from where you connect.
On the other hand note that it is not recommended to enable admin access on WAN ports.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
Diag sniffer works, ping works, traffic works, internal access to FW works, only external HTTPS or SSH access does not work. When you disconnect another link, it works again.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Reinaldo1_ADD,
Are you using SDWAN? Please check the static routes by running this command "get router info routing-table all". You should have 3 default routes with the same administrative distance.
Regards,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I mean try reproduce the issue while all WAN 3 links are connected, and while you are running the above mentioned traffic sniffer command.
This will show you how this traffic is transiting and may show interesting info.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Correct, we configured the SD-WAN, even changing the administrative distance, the problem continues.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If they are under SDWAN, you need to give them the same cost. Can you provide the output of this command 'get router info routing-table all'. You can also run packet sniffer to see if the traffic reaches the FortiGate or not.
Regards,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We discovered that the problem was with the internet provider, probably route. Thank you all.