Hello
I have 2 WAN interfaces and created a Virtual WAN interface that includes both interfaces.
I need to force all SMTP traffic to a specific WAN interface.
Thanks
You need to review PBR (policy based routing). This will allow you to specify what service to send out of the normal route selection.
config router policy
    edit 100
        set input-device "DMZ01"
        set src 10.1.1.1 255.255.255.255
        set protocol 6
        set start-port 25
        set end-port 25
        set output-device "wan2"
        set gateway 1.2.3.4
    next
end
Please ensure you have a firewall policy to allow the traffic, and use the dia debug flow if you have issues.
PCNSE
NSE
StrongSwan
Thanks very much, done :)
But what if this interface has multiple IP addresses?
How can I specify which IP address is used?
Thanks again
Not sure what you mean by used and multiple address; if you have secondaries, just specify the physical/virtual interface name and the defined IPv4 gateway address per the example given. If you SNAT, then apply the correct ip_pools for the address you want to use.
The PBR is forwarding the traffic outside of the normal kernel route table.
ken
PCNSE
NSE
StrongSwan
Thanks again.
When I created the route policy,
it uses the primary IP address of the interface.
I need to use one of the secondary addresses.
I use SNAT.
Please tell me how to use an IP pool.
Ahmed, IP pools are used to NAT the outgoing traffic of some sessions at your firewall. You can use them to do many things, like replacing the wan1 IP with your SMTP server IP so that it does not get blacklisted.
Example:
-> wan1 public IP address:
config system interface
    edit "wan1"
        set vdom "root"
        set ip 33.33.33.50 255.255.255.0
    next
end
-> IP pool configuration:
config firewall ippool
    edit "ippool33"
        set startip 33.33.33.33
        set endip 33.33.33.33
    next
end
-> Rule configuration:
config firewall policy
    edit 15
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "host_10.10.10.10"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set ippool enable
        set poolname "ippool33"
    next
end
-> Result:
Your host 10.10.10.10's outgoing IP was 33.33.33.50; now with the IP pool it will be 33.33.33.33. Simple as that.
Regards,
Carlos
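The two answers above combined into one configuration, as an added example that is not from any poster in this thread: the policy route steers TCP/25 from the mail host out of wan2, and a firewall policy on the same egress interface limits the match to the predefined SMTP service and source-NATs it to a single pool address. Assumptions: the addresses (198.51.100.0/24 documentation range), the pool name "smtp-out-pool", the IDs 101 and 16, and the use of "internal" and "wan2" as the ingress and egress interfaces are constructed placeholders, with the pool address standing in for one of the secondary addresses on wan2.

```text
config firewall ippool
    edit "smtp-out-pool"
        set startip 198.51.100.25
        set endip 198.51.100.25
    next
end
config router policy
    edit 101
        set input-device "internal"
        set src 10.10.10.10 255.255.255.255
        set protocol 6
        set start-port 25
        set end-port 25
        set output-device "wan2"
        set gateway 198.51.100.1
    next
end
config firewall policy
    edit 16
        set srcintf "internal"
        set dstintf "wan2"
        set srcaddr "host_10.10.10.10"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "SMTP"
        set nat enable
        set ippool enable
        set poolname "smtp-out-pool"
    next
end
```

Scoping the firewall policy to "SMTP" rather than "ALL" keeps the pool address, and its mail reputation, reserved for port 25 traffic from that one host.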
Copyright 2024 Fortinet, Inc. All Rights Reserved.