Hi Support,
I am New to Fortinet firewall. we are using FortiGate 100F firewall and the firmware version is v7.4. we have created multiple Vlans and two WAN links. now I configured static route for wan links. and Now all the vlans network traffics are going in only one wan link ie (primary Link). the secondary wan link is idle. so i need to segregate the Vlan traffic with the two WAN link. i need to configure One Vlan to access only Primary wan link. and second Vlan to access secondary wan link. and i have not configure the wan link in SD wan ZONE can you Please help.
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Can you enable ECMP for routes via WAN links and check? Make sure the routes via WAN1 and WAN2 are configured with same priority/distance.
# config system settingsset v4-ecmp-mode source-dest-ip-based
thanks you SRajeswaran, your solution solved my issue. when we check with Forti support toll free they informed they wont help for this initial configuration and by orally he informed to configure SD WAN for this issue. now as per your suggestion i just change the administrator distance and priority . it worked for me. thanks a lot.
Can you enable ECMP for routes via WAN links and check? Make sure the routes via WAN1 and WAN2 are configured with same priority/distance.
# config system settingsset v4-ecmp-mode source-dest-ip-based
thanks you SRajeswaran, your solution solved my issue. when we check with Forti support toll free they informed they wont help for this initial configuration and by orally he informed to configure SD WAN for this issue. now as per your suggestion i just change the administrator distance and priority . it worked for me. thanks a lot.
Thanks for the confirmation @prince ,glad to hear the issue is fixed.
Hi,
if I got it correctly then you need to have several VLANs. You do have 2 WAN link connections. And you need to route traffic from specific VLAN to specific WAN link.
If that's the case, then I do see following options (from less to most config intensive):
1. Policy routes
- simply use that for a source IP Address + Incoming interface being your VLAN, and Outgoing interface option enabled and respective outgoing interface set.
- Via GUI in Network/Policy Routes , in CLI via 'config router policy' (simplified example):
config router policy
edit 0
set input-device "WLAN-11"
set src "10.0.11.0/255.255.255.0"
set dstaddr "all"
set output-device "WAN-2"
next
end
2. VRF
- separate interfaces by VRF ID and use that for routing between them
- more can be found in: https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/224629/virtual-routing-and-f...
3. SD-WAN
- use Software Defined WAN and policy based routing to have more complicated setup, however with benefits like link quality monitors and overflows between WAN interfaces if needed
- more on that in: https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/19246/sd-wan
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1647 | |
1070 | |
751 | |
443 | |
214 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.