Fortigate with dual ISP
Hi everybody,
I have been configuring a FortiGate 100D with dual ISP. I have 3 zones (inside, outside and DMZ) and two internet connections terminated on the 100D. I want to route internal zone traffic through ISP1 and DMZ traffic through ISP2. Can somebody guide me on how to configure this?
Haris Khan
3 REPLIES 3
You need to set up the routes for both ISPs with the same distance; this way they will both appear in the routing table. Then I would set up a higher number for priority for ISP 2. Your existing default route should already be taking care of sending your internal traffic to your ISP 1.
For your DMZ I would set up a policy route for the source traffic of your DMZ to use the interface of your WAN2. This should do the trick.
You also have the possibility to set up dead gateway detection for each ISP, so in case something goes wrong the traffic is sent to the other ISP (if you have such needs).
Let me know if you need more help with the setup.
Policy routing will do!
Nihas
Policy routes run before static routes.
If you want the LAN to have access to the DMZ and vice versa, create 2 policy routes for both of them, meaning:
LAN > DMZ
DMZ > LAN
Then create policy routes for the internet:
LAN > ISP1
DMZ > ISP2
If you need access from the internet to internal (DMZ or LAN) with both ISPs, in the static routes you need two routes with the same priority.
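
The setup described in the first and third replies, written out as a FortiOS CLI sketch. This is an added example, not part of any poster's reply and not Fortinet's reference configuration. Interface names, subnets and gateway addresses are constructed assumptions, the `#` lines are annotations to strip before pasting, and the exact `src`/`dst` syntax varies between FortiOS versions.

```fortios
# Constructed values (assumptions): interfaces internal/dmz/wan1/wan2,
# LAN 192.168.1.0/24, DMZ 10.10.10.0/24, documentation-range ISP gateways.

# Two default routes with equal distance so both stay in the routing table.
# The lower priority value (wan1) wins for traffic no policy route matches,
# which sends LAN traffic to ISP1.
config router static
    edit 1
        set device "wan1"
        set gateway 203.0.113.1
        set distance 10
        set priority 1
    next
    edit 2
        set device "wan2"
        set gateway 198.51.100.1
        set distance 10
        set priority 10
    next
end

# Policy routes are checked top-down, before the routing table.
config router policy
    # 1: keep DMZ -> LAN traffic local so rule 2 does not send it to ISP2.
    edit 1
        set input-device "dmz"
        set src "10.10.10.0/255.255.255.0"
        set dst "192.168.1.0/255.255.255.0"
        set output-device "internal"
    next
    # 2: everything else sourced from the DMZ leaves through ISP2.
    edit 2
        set input-device "dmz"
        set src "10.10.10.0/255.255.255.0"
        set dst "0.0.0.0/0.0.0.0"
        set output-device "wan2"
        set gateway 198.51.100.1
    next
end
```

Policy routes only pick the egress path; matching firewall policies (internal to wan1, dmz to wan2, with NAT as needed) are still required before any traffic is forwarded.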
