tim_frodermann
New Contributor

More than 2 WAN-Links?

Hi, I have a question on how to use multiple WAN links on a Fortigate unit. I would like to hear how you do it, generally. Fortigate units have two WAN ports. I am using both of these with a lot of customers, either for separating traffic via policy routing or for failover or for both at the same time. Now I have some customers in areas where they are not able to get a 50Mbit line but rather 5x 10Mbit lines. What are the options to use more than two WAN links with one unit? Given the background that it is not PPPoE but rather separate provider routers as gateways. Can I utilize LAN ports as WAN ports or something like that? Thanks for your ideas! Bye, Tim
Carl_Wallmark
Valued Contributor

Hi Tim, all ports can be either LAN, WAN or DMZ; they don't have any differences except for the label on the ports.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

tim_frodermann

Hi, alright, that's good to know. Could you please elaborate what I would have to do to use one of the internal ports for WAN:
- First of all, all LAN ports combined are the switch for the internal interface
- I imagine I have to set up a new interface => I can choose VLAN or software switch here
- VLAN might not be suitable because I have no way of tagging the packets from the provider router
- So I guess I have to go with software switch, right?

Something like:
 config system switch-interface
 edit WAN3
 set type switch
 set member port10 (being the LAN port where the third provider router is attached to)
 end
 
Is that the right way to go? Thanks again, Tim
Dave_Hall
Honored Contributor

It would help if you provided the Fortigate model and the firmware running on it. If the internal interface is in switch or interface mode, or there is already a soft switch configuration on the Fortigate, you may need to break it. This topic comes up every now and then; you should be able to find examples on how to do this, or provide more details about your current "config system interface" section (sans real IP addresses).

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

tim_frodermann

Hi Dave, you are right, but the thing is that there is no unit yet. I'm merely planning a new setup for a customer. The customer wants to decommission some older Fortigate units and buy new ones, and in that process streamline some other things such as the use of their various internet connections. I was thinking about 90Ds; if there are no problems known, I would go for the latest firmware release. The 90Ds would be in switch mode as factory default. So did I understand correctly:
- The first thing to do would be to switch the unit to interface mode
- Then I can set up a new interface, selecting one of the 14 ports of the 90D (of course the one connected to the third DSL router)

Is that the procedure, roughly? Bye, Tim
Adrian_Buckley_FTNT

A new 5.2 feature is the virtual wan link. It makes dealing with multiple Wan interfaces a lot easier to manage.
tim_frodermann

Hi Adrian, thanks for the hint. Didn't read about that new feature yet. Will look into it. Thanks, Tim
Dave_Hall
Honored Contributor

Is that the procedure, roughly?
More or less. Though on the bigger units (on 5.x) you can create hard switches, which is nice. (Fortigate doesn't have to directly handle the transfer of traffic between the port members.) Can't tell from the specs if these newer smaller units have that feature. Was also planning to upgrade to the 90D once we retire our 80CMs (some time next year), but glancing at the product comparison chart for the smaller units, I'm not too impressed with the 90D's AV/IPS throughput when compared to the 80D (those numbers must be off?). You may want to consider going to a larger unit (e.g. 100D or 200D) or a unit with enough muscle to drive 5 x WAN port connections and expected throughput (with or without IPS/AV inspection). I would contact your local Fortinet dealer for sizing up the right Fortigate model for your client or, at the very least, ask for a demo unit for testing purposes.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

tim_frodermann

Hi Dave, Hi Ede, I talked to the local dealer; he confirmed the numbers in the comparison matrix (same explanation as Ede provided). I think I will go for the 90D, because the 80D has just 4 RJ45 ports total, which is not enough for my needs (I need at least 5). The only bottleneck could be AV. If I want ports and fast AV, there is no other possibility than choosing at least a 100D...and accepting a base price double that of a 90D :( . Thank you all for your help! Tim
ede_pfau
SuperUser

@Dave The 80D is a special device for high throughput AV. It's CPU based, so firewalling throughput is far less than in a 70D/90D (the 70D is a 90D without internal SSD). If your focus is on AV then an 80D will cope with high loads better than a 90D. This is typically the case with a pure gateway firewall. Whereas a 90D can be used to segment a (small to medium) LAN as well if you refrain from AV scanning.

Ede


"Kernel panic: Aiee, killing interrupt handler!"