abdulasaad
New Contributor

How to Direct Specific Traffic to Specific WAN?

Dears,

I have 3 internet sources in 3 WANs ... I need to direct the traffic of a specific URL to a specific WAN, is it possible?

Thanks in advance :)

1 Solution
tioeudes
Contributor

Hello!

You can set up different static routes for each specific traffic and set the gateway (wan) you want for each specific traffic.

You can use sdwan for that too. Actually I would recommend using sd-wan rules.

Best regards,

tioeudes

Toshi_Esumi
Esteemed Contributor III

I'm assuming you have three default routes to all wan interfaces. Then policies would decide which wan to go to if you specify an individual wan for some specific traffic. But they wouldn't fail over.

SD-WAN works almost in the same manner. Those wans are aggregated to the "SD-WAN" interface. FGT sets all static default routes to all members. Then you'll specify which goes where with SD-WAN rules (CLI: config sys virtual-wan-link->config service). It has a built-in failover mechanism you can configure (involving more consideration & configuration). That's why virtually everybody says "go to SD-WAN" in a situation like yours.

Be careful if you have site-to-site vpns over one of those interfaces. It requires even more consideration & configuration, which I'm currently struggling with.
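
The SD-WAN rule approach described above, as an added example that is not part of the original thread and is not taken from Fortinet documentation. Assumptions: the `virtual-wan-link` CLI tree named in the post with FortiOS 6.2-style keywords (keyword names differ between releases, so check the CLI reference for your version), three hypothetical members `wan1`..`wan3` with placeholder gateways, and the "URL" represented as an FQDN address object for the constructed host `www.example.com`, since SD-WAN rules match on destination addresses rather than full URLs.

```fortios
# Annotated fragment: all names, addresses and sequence numbers are constructed.

# 1. Destination to steer, expressed as an FQDN address object.
config firewall address
    edit "steer-example-fqdn"
        set type fqdn
        set fqdn "www.example.com"
    next
end

# 2. SD-WAN members and one manual rule that pins the destination to wan2.
config system virtual-wan-link
    set status enable
    config members
        edit 1
            set interface "wan1"
            set gateway 192.0.2.1
        next
        edit 2
            set interface "wan2"
            set gateway 198.51.100.1
        next
        edit 3
            set interface "wan3"
            set gateway 203.0.113.1
        next
    end
    config service
        edit 1
            set name "example-fqdn-via-wan2"
            set mode manual
            set src "all"
            set dst "steer-example-fqdn"
            # Assumption: members are preferred in the order listed, so
            # member 1 (wan1) is the fallback if member 2 (wan2) is down.
            set priority-members 2 1
        next
    end
end
```

The rule only selects the egress member; a firewall policy from the internal interface to the SD-WAN interface is still needed to permit the traffic.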

 

CHR57
New Contributor III

"Be careful if you have site-to-site vpns over one of those interfaces. It requires even more consideration & configuration, which I'm currently struggling with."

 

Can you have an IPSEC over SD-WAN?

CR
Toshi_Esumi
Esteemed Contributor III

Probably out of OP's topic and should have a separate thread.

As I said "struggling", I'm still experimenting. VPN itself, either IPSec (site-to-site) or inbound SSL VPN, can still specify an individual interface, not SD-WAN (or virtual-wan-link). But you can't do the same with static routes. So it comes up and works as long as a route is there to reach the other end. But I need to make sure the tunnel is not steered away by SD-WAN to another member interface with a rule in case of a static IPSec VPN. ...Or not. Still testing.

I'm not an expert of FGT SD-WAN by any means yet. Start a new thread. I haven't seen this topic before.

Toshi_Esumi
Esteemed Contributor III

Already found I was wrong. You can specify an individual interface with static routes, as long as it has "set virtual-wan-link disable", which is the default value. Then the VPN should stay on the interface.
