New Contributor

How to direct some IPSec traffic to a specific WAN interface?



I have a Fortigate FG100D.

Here's the context. I've got some IPSEC tunnels working with my wan1 interface. Some "static" site to site, some dynamic with FortiClient end users.

I'm switching to a new Internet access provider, linked on wan2.

The default route is still wan1.

I want to gradually switch my tunnels to wan2. So I "copy" my IPSEC tunnel with wan2 instead of wan1.

My FortiClient client incoming on wan2 can't connect. I guess because I need to specify the return route to wan2 for establishing the tunnel.

I can't use policy based routing to divert all IPSEC tunnel traffic to wan2, because I still have some IPSEC tunnels on wan1.

Any idea how to do this?

Thank you



EDIT: As expected, if I add a static return route to my clients through wan2, it works. Obviously, I can't add a route to my clients using laptops and cellular network and FortiClient.



Contributor II

Hi Aymeric,


Can you try with two default routes on the FG100D with the same administrative distance and, if you want, with different priorities?

You can check the routes before and after changing the routing table. In the CLI:

    get router info routing-table all

You should have 2 entries for the default route (for example):

    FortiGate-VM64-KVM # get router info routing-table all
    S*  [1/0] via, port4
        [1/0] via, port2


Best regards,
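
A FortiOS CLI sketch of the two-default-route setup suggested in the reply above, added here as an example and not part of either post. The gateway addresses are placeholders from documentation ranges, and the distance and priority values are assumptions chosen so that both routes are installed while wan1 stays preferred for outbound traffic (the lower priority value wins).

```fortios
config router static
    edit 1
        set gateway 192.0.2.1
        set device "wan1"
        set distance 10
        set priority 0
        set comment "existing provider, placeholder gateway, preferred default"
    next
    edit 2
        set gateway 198.51.100.1
        set device "wan2"
        set distance 10
        set priority 10
        set comment "new provider, placeholder gateway, same distance so the route is installed"
    next
end
```

With equal distance, both entries should appear under the default route in the output of get router info routing-table all. If the distances differ, only the lower-distance route is installed.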



