How to set default internet line

shahruddin · ‎04-24-2018

I have 2 internet line that use dedicated IP address connect to the fortigate 600C.

As default when user using internet it will use A internet line, how to change B internet as default.

I found similar topic (https://forum.fortinet.com/tm.aspx?m=55676) while creating this post but I did not understand what the thread is talking about.

Please help to guide how to do it because I really new and don`t have any idea how to do it.

Thanks.

Bubu · ‎04-24-2018

Hi,

Simply create a second static route for line B with a distance and priority lower than the route of line A. Then create a policy to allow internal traffic to the secondary WAN.

This procedure allows you to define your default B line. If you want to load balance or other, you will need to make other changes.

BR

Bubu

Toshi_Esumi · ‎04-24-2018

I'm assuming a policy or a set of policies is allowing internet access via both interfaces. Then it's about the default route both interfaces have. Currently a default route toward A internet line is wining. Then do you have two static default routes configured in different costs? Or FG600C is pulling DHCP/pppoe default routes from both internet circuits but different distances are set in interface config?

Check interface config with in CLI:

config sys int

show

then if it's not pulling, check static routes

config router static

show

You need to flip the config between A side and B side whatever you have now.

shahruddin · ‎04-25-2018

Hi Bubu, I have tested your method and manage to change B line as default but however after that our 3 branches the tunneling to HQ is down, Others 3 is ok.

what I do was login to fortigate --> router --> static routes --> edit static routes B line (Distance = 3 Priority = 3)

Why other 3 branches down ? Is there any settings that I miss?

===========================================================================

Hi Toshi

* I'm assuming a policy or a set of policies is allowing internet access via both interfaces - Yes

* Below part I not sure and tried your suggestion to check via CLI and there is lot of info and I`m lost while looking for the right info

Currently a default route toward A internet line is wining. Then do you have two static default routes configured in different costs? Or FG600C is pulling DHCP/pppoe default routes from both internet circuits but different distances are set in interface config?

Bubu · ‎04-25-2018

shahruddin wrote:
Hi Bubu, I have tested your method and manage to change B line as default but however after that our 3 branches the tunneling to HQ is down, Others 3 is ok.

what I do was login to fortigate --> router --> static routes --> edit static routes B line (Distance = 3 Priority = 3)

Why other 3 branches down ? Is there any settings that I miss?

Regarding VPN tunnels, what do you have as configuration "policy based or route based"? Can you please forward us all active routes?

get router info routing-table all

Thanks

Bubu

shahruddin · ‎04-25-2018

Configure using route based.

Bubu · ‎04-25-2018

My advice to you: Leave default VPNs at distance 10 priority 0 Line B in distance 20 priority 0 Line A in distance 20 priority 10

Bubu

Toshi_Esumi · ‎04-26-2018

So you're using two default static routes on two ppp interfaces w/ priority 17 on the second one. You just need to flip them to use Line B. Or just use Bubu's suggestion.

How to set default internet line

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website