Hi all,
So the issue, or the help that I need, is with routing a client on the LAN network only through a certain WAN ISP line, because he needs to have the external IP address of that one specific ISP.
It's a FortiGate 90D unit with 6 different ISP lines, all on WANLLB (load balanced), and I want to know how I can route someone from the LAN network only through certain WAN ports, or whatever you want to call them.
I assume it's done using policy routing but have no idea how to do that. Can anyone point me in the right direction?
    config router policy
        edit 0
            set action permit
            set protocol 0
            set src <IP OF User>
            set dst 0.0.0.0/0
            set gateway <ISP GATEWAY>
            set input-device <Internal Interface>
            set output-device <ISP INTERFACE>
            set status enable
        next
    end
That should work and send all the user's traffic that way.
It is the same as the GUI, yes. Here's another post adding a little more about it.
https://forum.fortinet.com/FindPost/150150
If you want all FTP traffic to flow that way then you would set the protocol to TCP and set the destination ports from 20 to 21. For the source you would set your internal subnet or subnets. If you have address objects of your internal subnets or groups, you can use those in the CLI but not in the GUI.
If you do not use the address objects in the CLI then you will have to make multiple policies for each source subnet if the subnets are not contiguous.
OK, so first of all, thank you very much for the help.
I did what you said, and configured the routing for the specific client like so (tried WAN2 and internal1),
but I see that the traffic (port 21) still goes through the same WAN interface as all the other traffic.
Now it doesn't really matter which WAN interface I choose, it still routes FTP traffic through the same interface
(except the one that the machine is actually using at the moment, obviously).
And this is my policy route page, making sure that there is no other policy route defined for that same machine.
What am I missing? By the way, if I route ALL the traffic it works.