Hello everybody,
I have a firewall connected to dual ISPs, WAN1 and WAN2:
WAN1 is used by the Staff_NET to go to the Internet.
WAN2 is used by WIFI Client to surf the Internet.
My goal is to:
- Configure failover (meaning the Staff-NET VLAN can use WAN2 if WAN1 goes down, and WIFI clients can also use WAN1 if their primary link (WAN2) goes down). For that I used "Policy Routes" as follows:
Staff_NET --> WAN1
WIFI_Client --> WAN2
Staff_NET --> WAN2
WIFI_Client --> WAN1
I'm assuming that rules are read by sequence number. Is this config correct, or is there a better way?
- My second concern is how to configure Link Monitor: for example, ping 8.8.8.8 from WAN1, and if there is no response the route will be disabled?
Any ideas?
Thank you
Any reason you don't want to use SD-WAN?
Policy routes are read in order indeed.
For the monitoring you will have to go to the CLI only: system link-monitor
Thanks for your answer,
Well, I don't want to use SD-WAN because I have two unequal links (WAN1 and WAN2) and I have two LAN networks. I want LAN1 to use WAN1 and LAN2 to use WAN2; this is the company policy for now, BUT we want traffic to use the other link only if the primary WAN that is dedicated to it is DOWN.
This is why I see that using policy routing and Link Monitor is the best option.
SD-WAN should be able to handle unequal links fine, it is quite broad in applications.
But it is your choice; policy routes and link monitor will do something similar. What I'm missing is the GUI part of it; SD-WAN makes it all a little easier to configure and monitor.
I have just done a test using SD-WAN and I think it's working fine. I was thinking that with SD-WAN I can't force LAN1 to use WAN1 and LAN2 to use WAN2 and do the failover if any WAN link goes DOWN, but apparently it works using "SD-WAN Rules" and "Performance SLA".
Is what I did correct, or is there a better approach?
SD-WAN rules are policy routes. No wonder it works this way now.
Thank you all for your answers :)