I have a Fortigate FG100D.
Here's the context. I've got some IPSEC tunnels working with my wan1 interface. Some "static" site-to-site, some dynamic with FortiClient end users.
I'm switching to a new Internet access provider, linked on wan2.
The default route is still wan1.
I want to gradually switch my tunnels to wan2. So I "copy" my IPSEC tunnel with wan2 instead of wan1.
My FortiClient clients coming in on wan2 can't connect. I guess because I need to specify the return route to wan2 for establishing the tunnel.
I can't use policy-based routing to divert all IPSEC tunnel traffic to wan2, because I still have some IPSEC tunnels on wan1.
Any idea how to do this?
EDIT: As expected, if I add a static return route to my clients through wan2, it works. Obviously, I can't add routes to my clients using laptops, cellular networks and FortiClient.
Can you try with two default routes on the FG100D with the same administrative distance and, if you want, with different priorities?
You can check the route before and after changing this routing table. In the CLI: get router info routing-table all
You should have 2 entries for the default route (for example):
    FortiGate-VM64-KVM # get router info routing-table all
    S* 0.0.0.0/0 [1/0] via 10.10.17.254, port4
                 [1/0] via 10.10.18.254, port2
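The two-default-route setup suggested in this answer, written out as FortiOS CLI. This is an added example, not configuration posted by either participant: the interface names wan1 and wan2 come from the question, the gateway addresses and the route entry numbers are constructed placeholders, and the distance/priority values are assumed.

```fortios
# Added example (not from the original post). Two default routes with the
# same administrative distance, so both are installed in the routing table,
# and different priorities (lower value is preferred for new sessions).
# Gateways 203.0.113.1 and 198.51.100.1 are constructed placeholder addresses.
config router static
    edit 1
        set dst 0.0.0.0/0
        set gateway 203.0.113.1      # placeholder: existing provider on wan1
        set device "wan1"
        set distance 10
        set priority 0               # preferred while wan1 stays the default
    next
    edit 2
        set dst 0.0.0.0/0
        set gateway 198.51.100.1     # placeholder: new provider on wan2
        set device "wan2"
        set distance 10              # same distance: route stays active
        set priority 10              # less preferred, but still installed
    next
end

# Compare the routing table before and after the change; both entries
# should appear under the S* 0.0.0.0/0 line, as in the output above.
get router info routing-table all
```

The point of keeping the distance equal is that FortiOS only installs the best-distance route in the routing table: a second default route with a higher distance would sit inactive until wan1 failed, and the wan2 tunnels would still have no return path. With equal distance and a lower-preference priority, wan2 is present in the table for the tunnels terminating there while wan1 remains the preferred egress for everything else. Once the migration is complete, lowering the priority on entry 2 (or removing entry 1) moves the default to wan2.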