Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
AndreaDV
New Contributor

Created on ‎05-14-2024 02:13 AM

How to create 1 Wan with 2 Lan Trunk

Hi i've a Forti 60F,

i've to create manage 2 WAN for the customer.

The first WAN have an internal LAN where NAT is enable, and I have no problems with this network.

The second WAN have an unique cable but Is a trunk of 2 LAN, with 2 different gateway. 

In the lan side of the 60F i've to configure both lan and direct, with 2 different gateways, always to the same outgoing wan port 2. How is it resolved? By making internal VLANs?   

Thanks

Labels:
1827
0 Kudos
1 Solution
ebilcari
Staff
Staff
In response to AndreaDV

Created on ‎05-14-2024 08:55 AM

The first option will do it, it will create "subinterfaces" on the physical interface (wan2) that you can connect on a switchport that sends tagged VLAN traffic with ID 433 and 443.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.

View solution in original post

1688
0 Kudos
13 REPLIES 13
sw2090
SuperUser
SuperUser

Created on ‎05-14-2024 05:02 AM

unfortunately your description is hard to follow. Can you add some diagram? 

I have FortiGates here that have three WAN with two different providers and either NAT behind the WAN (where is the Router that has the ADSL Modem) or WAN IP directly on the WAN of the FGT.

I handle them all via sdwan. So they can be in an sdwan zone alltogether.Can have some health checks and the rest can be done either with policies or/and sdwan rules.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
1375
0 Kudos
AndreaDV
New Contributor

Created on ‎05-14-2024 05:17 AM

I took the time to draw it and I'll share it, thank you in the meantime

1371
0 Kudos
AndreaDV
New Contributor

Created on ‎05-14-2024 05:31 AM

How it is possible to use 2 different IP/DG on WAN2 interface?
outside there is another Firewall that have the 2 vlan 

IMG_0003.jpg

1367
0 Kudos
ebilcari
Staff
Staff
In response to AndreaDV

Created on ‎05-14-2024 05:35 AM Edited on ‎05-14-2024 06:36 AM

You can create more than one interface type VLAN and set the VLAN ID that you have configured on switch port (trunk)

subinter.PNG

You can than use Policy routes to route user traffic as required.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
1365
0 Kudos
AndreaDV
New Contributor
In response to ebilcari

Created on ‎05-14-2024 08:49 AM

Can i use WAN2 port like this 

aa.jpg

or i have to use a port in trunk mode like this (in this example I had not yet added the two VLANs)

 

2024-05-14_174805.jpg

1289
0 Kudos
ebilcari
Staff
Staff
In response to AndreaDV

Created on ‎05-14-2024 08:55 AM

The first option will do it, it will create "subinterfaces" on the physical interface (wan2) that you can connect on a switchport that sends tagged VLAN traffic with ID 433 and 443.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
1689
0 Kudos
sw2090
SuperUser
SuperUser
In response to AndreaDV

Created on ‎05-14-2024 05:41 AM

I still don't really get it :(

Are we talking about Internet connections or just connecting different subnets on different sites?

Can you please describe this more detailed?

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
1360
0 Kudos
AndreaDV
New Contributor
In response to sw2090

Created on ‎05-14-2024 06:09 AM

there are 2 wan, the first WAN1 is natted on LAN1 of the Forti
the second WAN have only 1 cable outsdide but on this cable there are 2 VLAN with different gateway, in my internal Lan i have 2 different pc (with static route on the correct DG) , how i can configure my WAN 2 interface to have 2 different DG (trunk lan outside)

 

1348
0 Kudos
sw2090
SuperUser
SuperUser

Created on ‎05-14-2024 06:18 AM

ok one port can not be a trunk on a fortigate. You would have to create two vlan interfaces that are tied to WAN2 on your FGT. Then you have to have a default route and static routes for what you need.

However you can only have more than one default route for redundancy (and that only as long as you don't use sdwan). The metric (prio/distace) will set which default gw will be used. In case you use sdwan you just need a default route via sdwan and sdwan does the rest for you.

 

So what do you want to route to where?

WAN1 natted to internet only? WAN2 used to access the two vlans behind the other firewall?

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
1343
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.