Support Forum

Fortigate60D issue with secondary gateway

We have a Fortigate 60D running 6.0.9

We have two internet lines.

One is connected to 60D via WAN1

The other one is used by a Cisco router (which is in the same subnet as the 60D / the 60D has and the Cisco has respectively)

We can add a static route both for the 60D (and the line that's on WAN1) with gateway 85.xx.xx.xx (the static IP of the ISP's equipment) and with gateway (the LAN IP of the Cisco router)

but no traffic seems to get through this static route.

If we add a static route for a specific site, it does get through the Cisco router.

Any help?


I'm assuming you're trying to do ECMP load balancing between them.

1. Check the routing table with "get router info routing-table static". Do you see two default routes with the same distance and the same priority?

2. What kind of policies do you have? It requires two policies, one for each direction.

3. If the source you're generating the internet-bound traffic from is in the same LAN subnet, it would not work well when the FGT forwards it to the Cisco, because outgoing is 192.168.1.x (source) ->> , but for returning the Cisco sends directly to the source 192.168.1.x. The FGT doesn't like it and might block the following outgoing TCP packets because it only sees one-way traffic.

You might need to set up a VLAN between the FGT and the Cisco and then assign a /30 subnet. Then you can have a proper policy toward the VLAN interface, in addition to the policy toward WAN1.
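The setup the reply above describes, written out as an added FortiOS 6.0 CLI example (not configuration from the original poster): a VLAN sub-interface on the LAN port carrying a /30 transit link to the Cisco, two default routes with equal distance and priority so both show up in "get router info routing-table static", and one outbound policy per egress interface. The interface names "internal" and "to_cisco", VLAN ID 100 and the 10.255.255.0/30 transit addresses are assumptions; 85.xx.xx.xx is the placeholder the poster used for the ISP gateway on WAN1.

```fortios
# Assumed /30 transit VLAN toward the Cisco; the Cisco gets 10.255.255.2/30 on its matching VLAN.
config system interface
    edit "to_cisco"
        set vdom "root"
        set ip 10.255.255.1 255.255.255.252
        set interface "internal"
        set vlanid 100
    next
end
# Two default routes with identical distance and priority, so both are active (ECMP).
config router static
    edit 1
        set gateway 85.xx.xx.xx
        set device "wan1"
        set distance 10
        set priority 0
    next
    edit 2
        set gateway 10.255.255.2
        set device "to_cisco"
        set distance 10
        set priority 0
    next
end
# One policy per egress interface. NAT on the to_cisco policy makes the Cisco see the
# FGT's transit address as the source, so return traffic comes back through the FGT
# instead of going directly to the 192.168.1.x host (the asymmetry described above).
config firewall policy
    edit 1
        set name "lan-to-wan1"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
    edit 2
        set name "lan-to-cisco"
        set srcintf "internal"
        set dstintf "to_cisco"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```

After applying it, "get router info routing-table static" should list both 0.0.0.0/0 entries; if only one appears, the distance or priority values still differ.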


We've managed to solve this issue.

Made one static route with gateway , which is the next hop on the line that is connected via the Cisco router, and an extra static route where, for going to IP , the gateway is (the Cisco router's LAN IP).

So far it seems that it is working.


Well, it seems to work on some computers but not on others. But it must be a case of a misconfigured DNS server. Machines with DHCP work OK, but if they have a static IP address they can't use both external lines depending on the FortiGate's policies. The static IP PCs can access the internet only via the line on the WAN port.

