Dears ,
i have 3 internet sources in 3 WANs ... i need to direct the traffic of specific URL to a Specific WAN , is it possible ?
Thanks in advance :)
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello!
You can set up different static routes for each speciffic traffic and set the gateway (wan) you want for each speciffic traffic.
You can use sdwan for that too. Actually i would recommend using sd-wan rules.
Best regards,
tioeudes
Hello!
You can set up different static routes for each speciffic traffic and set the gateway (wan) you want for each speciffic traffic.
You can use sdwan for that too. Actually i would recommend using sd-wan rules.
Best regards,
tioeudes
I'm assuming you have three default routes to all wan interfaces. Then policies would decide which wan to go if you specify individual wan for some specific traffic. But they wouldn't failover.
SD-WAN works almost in the same manner. Those wans are aggregated to "SD-WAN" interface. FGT set all static defaultroutes to all members. Then you'll specify which goes which with SD-WAN rules (CLI: config sys virtual-wan-link->config service). It has built-in failover mechanism you can configure (involving more consideration & configuration). That's why virtually everybody says "go to SD-WAN" in a situation like yours.
Be careful if you have site-to-site vpns over one of those interfaces. It requires even more consideration & configuration, which I'm currently struggling with.
"Be careful if you have site-to-site vpns over one of those interfaces. It requires even more consideration & configuration, which I'm currently struggling with."
Can you have an IPSEC over SD-WAN?
Probably out of OP's topic and should have a separate thread.
As I said "struggling" I'm still experimenting. VPN itself, either IPSec (site-to-site) or inbound SSL VPN, can still specify an individual interface, not SD-WAN (or virtual-wan-link). But you can't do the same with static routes. So it comes up and working as long as route is there to reach the other end. But I need to make sure the tunnel is not steered away by SD-WAN to another member interface with a rule in case of a static IPSec VPN. ...Or not. Still testing.
By any means I'm not an expert of FGT SD-WAN yet. Start a new thread. I haven't seen this topic before.
Already found I was wrong. You can specify individual interface with static routes, as long as it has "set virtual-wan-link disable" which is the default value. Then the VPN should stay on the interface.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1673 | |
1083 | |
752 | |
446 | |
226 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.