Unlock Exclusive Benefits
Join Our Community Today!
Join our Community and post in the forum to earn your exclusive badge; celebrating 3 years of the Fortinet Community!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- More than 2 WAN-Links?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
More than 2 WAN-Links?
Hi,
I have a question on how to use multiple WAN Links on a Fortigate unit. I would like to hear how you do it, generally.
Fortigate units have two WAN ports. I am using these both with a lot of customers either for separating traffic via policy routing or for failover or for both at the same time. Now I have some customers in areas where they are not able to get a 50Mbit line but rather 5x 10Mbit lines.
What are the options to use more than two WAN-Links with one unit? Given the background that it is not pppoe but rather separate provider routers as gateways.
Can I utilize LAN Ports as WAN Ports ore something like that?
Thank for your ideas!
Bye,
Tim
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
11 REPLIES 11
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Tim,
All ports can be either LAN, WAN or DMZ they dont have any differences except for the label on the ports.
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice,
60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail
100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B,
11C
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
alright, that' s good to know.
Could you please elaborate what I would have to do to use one of the internal ports for wan:
- First of all, all LAN ports combined are the switch for the internal interface
- I imagine i have to set up a new interface => I can choose vlan or software switch here
- vlan might not bee suitable because i have no ways of tagging the pakets from the provider router
- So i guess i have to go with software switch, right? Something like:
config system switch-interface edit WAN3 set type switch set member port10 (being the LAN port where the third provider router is attached to) endIs that the right way to go? Thanks again, Tim
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It would help if you provided the Fortigate model and firmware running on it. If the internal interface is in switch or interface mode or there is already a soft switch configuration on the Fortigate, you may need to break it. This topic comes up every now and then, you should be able to find examples on how to do this or provide more details about your the current " config system interface" section (san real IP addresses).
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0
(FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Dave,
you are right, but the thing is that there is no unit, yet. I' m merely planning a new setup for a customer. Customer wants to decomission some older fortigate units and buy new ones and in that process streamline some other things such as the use of their various internet connections.
I was thinking about 90D' s, if there are no problems known, i would go for the latest firmware release.
The 90D' s would be in switch mode as factory default.
So did i understand correctly:
- The first thing to do would be to switch the unit to interface mode
- Then i can set up a new interface, selecting one of the 14 ports of the 90D (of course the one connected to the third dsl router)
Is that the procedure, roughly?
Bye,
Tim
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
A new 5.2 feature is the virtual wan link.
It makes dealing with multiple Wan interfaces a lot easier to manage.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi Adrian,
thanks for the hint. Didn' t read about that new feature, yet. Will look into it.
Thanks,
Tim
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is that the procedure, roughly?More or less. Though on the bigger units (on 5.x) you can create hard switches, which is nice. (Fortigate doesn' t have to directly handle the transfer of traffic between the port members). Can' t tell from the Specs if these newer smaller units have that feature. Was also planing to upgrade to the 90D once we retire our 80CMs (some time next year), but glancing at the product comparison chart for the smaller units, I' m not too impress with the 90D' s AV/IPS throughput when compared to the 80D (those numbers must be off?). You may want to consider going to a larger unit (e.g. 100D or 200D) or a unit with enough muscle to drive 5 x WAN port connections and expected throughput (with or without IPS/AV inspection). I would contact your local Fortinet dealer for sizing up the right Fortigate model for your client or the very least, ask for a demo unit for testing purposes.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0
(FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Dave, Hi Ede,
i talked to the local dealer, he confirmed the numbers in the comparison matrix (same explanation as Ede provided).
I think I will go for the 90D, because the 80D has just 4 RJ45 Ports total which is not enough for my needs (I need at least 5).
The only bottleneck could be AV.
If i want ports and fast AV there is no other possibility than choosing at least a 100D...and accepting a base price the double of a 90D :( .
Thank you all for your help!
Tim
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Dave
The 80D is a special device for high throughput AV. It' s CPU based so firewalling throughput is far less than in a 70D/90D (the 70D is a 90D without internal SSD).
If your focus is on AV then a 80D will cope with high loads better than a 90D. This is typically the case with a pure gateway firewall. Whereas a 90D can be used to segment a (small to medium) LAN as well if you refrain from AV scanning.
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Labels
-
FortiGate
8,620 -
FortiClient
1,741 -
5.2
801 -
FortiManager
720 -
5.4
639 -
FortiAnalyzer
552 -
FortiSwitch
470 -
FortiAP
464 -
FortiClient EMS
421 -
6.0
416 -
5.6
362 -
FortiMail
315 -
6.2
251 -
SSL-VPN
236 -
FortiAuthenticator v5.5
234 -
Fortiweb
205 -
IPsec
203 -
5.0
196 -
FortiNAC
186 -
FortiGuard
139 -
6.4
128 -
SD-WAN
113 -
FortiGateCloud
102 -
FortiSIEM
99 -
FortiCloud Products
96 -
FortiAuthenticator
95 -
FortiToken
89 -
Customer Service
79 -
Firewall policy
78 -
Wireless Controller
77 -
4.0MR3
64 -
FortiProxy
59 -
High Availability
56 -
Fortivoice
53 -
FortiADC
53 -
FortiEDR
51 -
vlan
51 -
ZTNA
48 -
FortiExtender
45 -
FortiSandbox
44 -
Routing
44 -
FortiDNS
42 -
DNS
42 -
LDAP
41 -
BGP
40 -
Authentication
37 -
SAML
36 -
FortiGate v5.4
35 -
NAT
35 -
FortiSwitch v6.4
34 -
Certificate
34 -
RADIUS
32 -
SSO
31 -
Interface
31 -
FortiLink
29 -
FortiConnect
28 -
VDOM
28 -
FortiWAN
27 -
Web profile
26 -
FortiConverter
25 -
Application control
25 -
FortiGate v5.2
24 -
Logging
24 -
SSL SSH inspection
23 -
FortiPAM
22 -
Virtual IP
22 -
Fortigate Cloud
20 -
FortiSwitch v6.2
19 -
FortiPortal
19 -
FortiMonitor
18 -
Traffic shaping
17 -
WAN optimization
16 -
FortiDDoS
15 -
OSPF
15 -
SSID
15 -
FortiGate v5.0
14 -
FortiSOAR
14 -
Automation
14 -
Static route
14 -
System settings
14 -
IP address management - IPAM
14 -
snmp
13 -
FortiCASB
12 -
Admin
12 -
Web application firewall profile
12 -
FortiManager v5.0
11 -
FortiRecorder
11 -
FortiManager v4.0
10 -
IPS signature
10 -
Security profile
10 -
FortiAP profile
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
FortiBridge
9 -
Traffic shaping policy
9 -
Proxy policy
9 -
Intrusion prevention
9 -
FortiDeceptor
8 -
RMA Information and Announcements
8 -
Port policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
DNS filter
7 -
Antivirus profile
7 -
Fabric connector
7 -
Explicit proxy
6 -
trunk
6 -
Packet capture
6 -
Traffic shaping profile
6 -
Web rating
6 -
Fortinet Engage Partner Program
6 -
FortiGate-VM
5 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
Cloud Management Security
4 -
FortiDB
3 -
FortiHypervisor
3 -
API
3 -
FortiNDR
3 -
NAC policy
3 -
Authentication rule and scheme
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Protocol option
3 -
SDN connector
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
TACACS
2 -
Schedule
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1 -
Multicast policy
1 -
Vulnerability Management
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1688 | |
| 1087 | |
| 752 | |
| 446 | |
| 227 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.