Hello Dears
I am trying to perform NAT on my backup ISP, but the virtual IP does not seem to be passing through the firewall policy, since I am seeing the NAT hits increase but nothing recorded on the firewall policy.
ISP1 is the primary ISP
ISP2 is the backup
The default route is built on ISP1
Any suggestions, please?
Best
You need to have a default route in the routing-table for ISP2. Otherwise, any access to the interface would be dropped with "reverse path check, fail" since the current default route is pointing to ISP1 interface.
If you want to keep the second ISP as backup for outgoing but want to use it for incoming for VIPs, you can have two static default routes then set the priority for the ISP2 bound one to like 10 (default is 1) so that the other one to ISP1 will win for outgoing traffic.
Toshi
Hello Dear
Thanks for replying. Would it impact traffic? So the users would stay outgoing on ISP1 and just the NAT would reply on ISP2?
I made a policy route for the server that is to be NATed
If you're worrying about outgoing SNAT traffic, adding the second default route with a high priority number won't affect the existing traffic. But it's a good idea to do that in a maintenance window. And I recommend removing the policy route. That's not necessary if only the VIP/DNAT policy would be on the ISP2 interface. Policy routes would often get you and create headaches in the future because they wouldn't disappear even when the interface goes down.
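The setup suggested in the replies above, sketched as FortiOS CLI. This is an added example, not configuration posted by anyone in the thread; the interface names (wan1, wan2, internal), the route IDs, all addresses (documentation ranges), the VIP and policy names and the HTTPS service are assumed placeholders.

```fortios
# Constructed values throughout: wan1 = ISP1, wan2 = ISP2.
# Both default routes keep the same distance so both stay in the routing
# table; the higher priority number on wan2 makes it the less preferred
# egress, while inbound packets on wan2 still pass the reverse path check.
config router static
    edit 1
        set gateway 198.51.100.1
        set device "wan1"
    next
    edit 2
        set gateway 203.0.113.1
        set device "wan2"
        set priority 10
    next
end

# VIP bound to the ISP2 interface, published through a narrow inbound policy.
config firewall vip
    edit "srv-vip-isp2"
        set extintf "wan2"
        set extip 203.0.113.10
        set mappedip "192.168.10.20"
    next
end
config firewall policy
    edit 0
        set name "isp2-in-to-srv"
        set srcintf "wan2"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "srv-vip-isp2"
        set action accept
        set schedule "always"
        set service "HTTPS"
    next
end

# Verify: both default routes listed, and no reverse path check drop
# reported for traffic to the VIP.
get router info routing-table all
diagnose debug flow filter addr 203.0.113.10
diagnose debug flow trace start 10
diagnose debug enable
```

Run `diagnose debug disable` once the trace has been captured.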
Also depends on if your ISP allows a public IP directly to your home.
But yeah, if your router's external IP is a local IP 172.16-31.x.x, 10.x.x.x, or 192.168.x.x, then it's definitely double NAT.
Copyright 2024 Fortinet, Inc. All Rights Reserved.