Hello,
i have two fortigate 1000C units with failover configuration.
i have two internet connections from two ISPs without BGP config., and i have configured WAN load balancing (WAN1 for ISP1 and WAN2 for ISP2) and it is working.
Now, i will remove the internet connection from ISP2 due to technical reasons and also we will not deploy BGP with our own AS and public IP.
i have agreed with ISP1 to provide us with additional internet connection and we have agreed to deploy private BGP "our customers are within ISP1" between our company and ISP1.
i have configured two CISCO routers to be internet routers, the first one will be connected to internet1 and the second will be connected to internet2 from the same ISP.
i'm planning to have a default route "outgoing traffic" at Router2 and i will prefer Router1 for incoming traffic for some servers using BGP config.
ISP1 gave us a public LAN IPs /27.
my questions:
1- i think i can't use the same running concept for the fortigate WAN load balance since the two links are within the same LAN, since we can't configure the two WAN links with the same LAN network ID. So, what is the alternative, do i remove the WAN load balancing and lost its advantages in addition i have a big work to do at the fortigate since the WAN load balance interface is used at the policies ....and use one WAN link, and apply dynamic routing protocol like OSPF between fortigate and CISCO routers in order to receive the default route using redistribution from BGP to OSPF?
2- for the incoming traffic "from our customers to our hosted services", do i need to apply policy or source based routing at the fortigate for the incoming traffic from the servers to go to Router1 in order not to go to Router2 "default route learned from OSPF".
3- Or it is better to remove CISCO routers from my network and connect the two internet links at the fortigate directly and configure a private BGP between the fortigate and the ISP1? this option i think will allow me to keep the WAN load balancing configuration.
Sorry for this long story and i hope that i get answers and/or new options for my design.
thanks in advance
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1661 | |
1077 | |
752 | |
443 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.