Hi,
I still can't figure out how to do that properly,
We have in most of our offices 2 WAN interfaces, 1 is used as the main and the second one is a backup and we want to use it for the telephony system as well. So in short, all traffic goes by default with let's say WAN1 while the telephony system goes to the internet with WAN2.
both WAN have static IP, same distance on the route, WAN1 has lower priority.
now if I use policy rote, the telephony system will go out with WAN2 but it won't be able to go for example to anything internal on different ports/vlans. and adding a policy route for each vlan it needs to go will just be too much.
is there any other way to do that? I've been told once that changing the order of the WAN in policies "by sequence" will make it work that way but it doesn't work. (I've been told that FortiGate works with this order: 1.static route 2.policy rote 3. policy order)
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I would flip the priority to make WAN1 preferred route, then set up a policy-route to steer only telephony traffic to WAN2.
But this wouldn't fail telephony traffic over to WAN1 when WAN2 is having a problem. So instead, I would look for the telephony destination IPs/subnets and set specific routes toward WAN2 for them without a default route, and set up a set of link-monitors to keep checking connectivity.
That's what we did in the past which is not good since it also directs the internal traffic to that specific WAN, we want to avoid using policy routes
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1712 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.