Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ntluan56
New Contributor II

Created on ‎07-29-2024 03:23 AM Edited on ‎07-29-2024 05:38 AM

How to config multiple wan routing to FortiGate ?

I am setting up an office network with a FortiGate 80F (FortiOS 7.2) and am having trouble with routing. Can anyone please tell me how to configure multiple wan routing?

My scenario includes the following Vlan interfaces (LAG with switch):

- wan1: 1.1.1.1
- wan2: 2.2.2.2
- wan3: 3.3.3.3

 

- lan1: 192.168.1.0/24
- lan2: 192.168.2.0/24
- lan3: 192.168.3.0/24
- lan4: 192.168.4.0/24

 

Goals:

1. When lans connect to the internet:
- lan1 → wan1
- lan2 → wan2
- lan3 → wan3
- lan4 → wan3

2. Automatically change to the following priority routing if issues occur:
- lan1: wan1 → wan2 → wan3
- lan2: wan2 → wan3 → wan1
- lan3: wan3 → wan1 → wan2
- lan4: wan3 → wan1 → wan2

 

My config:
link-monitor.png

 

route-policy.png

Labels:
683
0 Kudos
3 REPLIES 3
AEK
SuperUser
SuperUser

Created on ‎07-29-2024 03:34 AM

SD-WAN is the best way to do that and the modern way to manage you WAN links.

You can start here:

https://docs.fortinet.com/document/fortigate/7.4.4/administration-guide/889544/sd-wan-quick-start

 

AEK
AEK
672
ntluan56
New Contributor II
In response to AEK

Created on ‎07-29-2024 05:39 AM

Thank you for your advice.
I am working with the SD-WAN configuration and have some questions:

1. In the document linked below, I see only one internal network. In my case, how can I set up multiple internal networks? I guess this would be covered under [Configuring firewall policies for SD-WAN].

[SD-WAN Quick Start Guide](https://docs.fortinet.com/document/fortigate/7.4.4/administration-guide/889544/sd-wan-quick-start)

 

2. I uploaded my configuration (not using SD-WAN), and it can route traffic through each WAN, but it does not automatically change routes when I shut down a WAN link (from the upstream switch).

Is there something I missed to enable the automatic route change mechanism, or do I need to use SD-WAN as required to implement this?

627
0 Kudos
AEK
SuperUser
SuperUser
In response to AEK

Created on ‎07-29-2024 06:03 AM

  1. Yes you can have multiple internal networks, you just need to add the related firewall rules (to allow the traffic) and the related SD-WAN rules (to route the traffic)
  2. If not using SD-WAN you can do this using "link monitor" (it will remove the route when the probe fails). When using SD-WAN the config is simpler and better by using Performance SLA

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Link-monitor/ta-p/197504

Hope it helps

AEK
AEK
618
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.