Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Making a specific vlan/IP to use the secondary WAN


I still can't figure out how to do that properly,

We have in most of our offices 2 WAN interfaces, 1 is used as the main and the second one is a backup and we want to use it for the telephony system as well. So in short, all traffic goes by default with let's say WAN1 while the telephony system goes to the internet with WAN2.

both WAN have static IP, same distance on the route, WAN1 has lower priority.

now if I use policy rote, the telephony system will go out with WAN2 but it won't be able to go for example to anything internal on different ports/vlans. and adding a policy route for each vlan it needs to go will just be too much.

is there any other way to do that? I've been told once that changing the order of the WAN in policies "by sequence" will make it work that way but it doesn't work. (I've been told that FortiGate works with this order: 1.static route 2.policy rote 3. policy order)


I would flip the priority to make WAN1 preferred route, then set up a policy-route to steer only telephony traffic to WAN2.

But this wouldn't fail telephony traffic over to WAN1 when WAN2 is having a problem. So instead, I would look for the telephony destination IPs/subnets and set specific routes toward WAN2 for them without a default route, and set up a set of link-monitors to keep checking connectivity.


That's what we did in the past which is not good since it also directs the internal traffic to that specific WAN, we want to avoid using policy routes


Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors