Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
hoaian83
New Contributor

Created on ‎03-16-2017 06:03 PM

Multi WAN of same ISP - 200D (v5.4.4)

Hi all,

 

Please help me the following case as picture on FTG 200D. I have 2 internet line of same ISP (same gateway) and this is what I want for my network:

- 192.168.1.x -> WAN 1 (static ip)

- 10.1.1.x -> WAN 2 (static ip)

- Route 2 network layer above

 

 

As succeeded, 2 networks see each other, in/out through WAN 1 is OK, but I just can make out through WAN 2. The problem is that I cannot ping ip of WAN 2 from outside and cannot access 10.1.1.x through WAN 2 from outside.

 

Please help me config this in GUI.

 

Thanks,

Hoai An

 

 

 

Preview file
21 KB
Labels:
21831
0 Kudos
13 REPLIES 13
zeki893
New Contributor II
In response to hoaian83

Created on ‎03-29-2017 12:47 AM

ya you'll need to use vdoms or another router/firewall to connect the 2nd link. You can't connect that link cuz it's on the same subnet and it would create a loop. 

Another option is you can ask your ISP to set it up as a 2x1G LAG then you'll have a 2G link.

1265
0 Kudos
Carl_Wallmark
Valued Contributor
In response to zeki893

Created on ‎03-29-2017 04:23 AM

Why would it create a loop ?

 

WAN1 and WAN2 would have different IPs, only use the same gateway.

however to use two interfaces on the same subnet you would have to enable "allow subnet-overlap"

 

config system settings

set allow-subnet-overlap

end

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
1265
0 Kudos
zeki893
New Contributor II
In response to Carl_Wallmark

Created on ‎03-29-2017 02:27 PM

two links to and from the same network without spanning-tree or LAG would be a loop

1265
0 Kudos
Carl_Wallmark
Valued Contributor
In response to zeki893

Created on ‎03-29-2017 03:08 PM

spanning tree is used for L2 networks and to prevent loops, this is still L3, where we route traffic to and from wan1 and wan2

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
1265
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.