Hi, All.
I have a Fortigate 201E with multiple WAN interfaces.
I am trying to change "Administrative Distance" on the static routes I have, so that some of the WAN interfaces are used more frequently than others.
Whenever I do that, VIP that is not pointed to the lowest "Administrative Distance" (or at least equal) will not work.
Do I have to use a policy route?
Thank you
Sahar
Yeah, you can't and shouldn't use distance for that.
If you want to spread traffic over multiple interfaces, have a look at what is currently called SD-WAN:
https://cookbook.fortinet.com/redundant-internet-with-sd-wan-60/
Thank you for the reply,
I am using an SD-WAN interface as well. I have a lot of WAN interfaces, and not all are used in the SD-WAN.
What I don't understand is how administrative distance influences VIP, and incoming traffic.
I was trying to change distance to avoid using Policy Route, to use a specific outbound interface for a specific network.
But I guess Policy Route is the way to go.
saharhod wrote: What I don't understand is how administrative distance influences VIP, and incoming traffic.
For incoming traffic the issue lies with the reverse path check. It is a feature that makes sure that traffic only enters on an interface where it is expected.
See https://kb.fortinet.com/kb/documentLink.do?externalID=FD30543
When you have two routes towards the internet with different administrative distances, only one is in the routing table, which means that traffic on the other interface will be dropped by the reverse path check, as it compares the routing table with the traffic seen.
So you need to keep the same administrative distance and use different priorities to make this work for incoming traffic.
For outgoing traffic you then use SD-WAN and perhaps policy routes, depending on whether you want to load balance outgoing traffic or determine which interface is used.
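The behaviour described in the reply above, as a simplified model added here for illustration (not code from the thread or from Fortinet). It assumes two default routes on hypothetical interfaces `wan1` and `wan2`, a constructed client address, and that a lower priority value is preferred among routes of equal distance.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class StaticRoute:
    dst: str          # destination prefix
    device: str       # outgoing interface (hypothetical names)
    distance: int     # administrative distance
    priority: int = 0 # tie-breaker among routes that are installed

def active_routes(static_routes):
    """Per prefix, only routes with the lowest distance enter the routing table."""
    best = {}
    for r in static_routes:
        best[r.dst] = min(best.get(r.dst, r.distance), r.distance)
    return [r for r in static_routes if r.distance == best[r.dst]]

def covering(routes, ip):
    """Active routes whose prefix contains ip."""
    return [r for r in active_routes(routes) if ip_address(ip) in ip_network(r.dst)]

def rpf_accepts(static_routes, src_ip, in_device):
    """Reverse path check: accept only if an active route back to the
    source exists via the interface the packet arrived on."""
    return any(r.device == in_device for r in covering(static_routes, src_ip))

def egress_device(static_routes, dst_ip):
    """Outbound choice: longest prefix first, then lowest priority value."""
    hits = covering(static_routes, dst_ip)
    if not hits:
        return None
    return min(hits, key=lambda r: (-ip_network(r.dst).prefixlen, r.priority)).device

CLIENT = "203.0.113.50"  # constructed internet client reaching a VIP

# Different distances: wan2's default route never reaches the routing table.
UNEQUAL = [StaticRoute("0.0.0.0/0", "wan1", distance=10),
           StaticRoute("0.0.0.0/0", "wan2", distance=20)]

# Same distance, different priority: both installed, wan1 preferred outbound.
EQUAL = [StaticRoute("0.0.0.0/0", "wan1", distance=10, priority=1),
         StaticRoute("0.0.0.0/0", "wan2", distance=10, priority=10)]

if __name__ == "__main__":
    for name, table in (("unequal distance", UNEQUAL), ("equal distance", EQUAL)):
        for dev in ("wan1", "wan2"):
            verdict = "accept" if rpf_accepts(table, CLIENT, dev) else "drop (RPF)"
            print(f"{name}: VIP traffic arriving on {dev} -> {verdict}")
        print(f"{name}: outbound to {CLIENT} leaves via {egress_device(table, CLIENT)}")
```

With unequal distances the VIP on `wan2` fails the check; with equal distances both interfaces accept inbound traffic while priority still steers outbound traffic to `wan1`.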