I have a FortiGate and configured 2 interfaces that connect to 2 different ISPs.
Interface 9 - ISP A
Interface 10 - ISP B
Basically, I would like all computers to use interface 9, except for a selected few that will use interface 10.
Interface 10 is configured with DHCP, and I've been told that because of this, Interface 10 becomes the default route. To fix this, I created a Policy Route so that all traffic goes to Interface 9. Then I created another Policy Route to make the selected few computers use Interface 10. This all works perfectly fine.
My question is: If interface 9 goes down, will the computers automatically use Interface 10?
I don't want it to use interface 10; I want the computers to just not have any internet access at all if interface 9 is down (sounds odd, but there's a reason for that). I am unable to test this out now, hence this question.
Ideally, even if the ISP is down, like if the internet is not working, there is no way the firewall can detect that connectivity issue unless you configure link monitor.
So if you don't configure link monitor in your configuration and the "enable update static route" option in the link monitor configuration, the firewall should still pass the packet through the down interface.
Please check
Hello,
Why not try to use the SD-WAN feature with better priority for interface 9?
I think you can create a negate policy from your LAN/Computers to port10. With this you can allow access only to the selected computers/users.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Firewall-Policy-Negate-option/ta-p/194290
Copyright 2024 Fortinet, Inc. All Rights Reserved.