I am in the process of switching over from one ISP circuit to another.
I have a /28 on an existing circuit I have a /29 and a /28 on the new circuit, I had the carrier route both the new /29 and /28 to the same gateway.
What I would like to do, is put the new circuit in along side the existing, so I can cut over connections one at a time to the new circuit.
For example:
Circuit A 207.67.1.1/28
207.67.1.2 Gateway
Circuit B 63.146.1.1/29
63.145.1.1/28
63.146.1.2 Gateway
I have two interfaces defined in the same zone (ZoneA).
207.67.1.3/28 from Circuit A
63.146.1.3/29 from Circuit B
I have an existing static route to Circuit A gateway
0/0 - 207.67.1.2 Distance 10, Priority 1 Interface1
I thought all I needed was another static route for Circuit B gateway (same distance, different priority)
0/0 - 63.146.1.2 Disttance 10 Priority 5 Interface2
I am testing with a VIP
I have the VIP and policy setup to NAT from ZoneA/Interface2(63.146.1.3) to an internal address
The routing monitor shows
Static 0/0 - 207.67.1.2 distance 10
Static 0/0 - 63.146.1.2 distance 10
Connected 207.67.1.1/28 - 0/0 Interface1 distance 0
Connected 63.146.1.1/29 - 0/0 Interface2 distance 0
Connected 63.146.1.1/29 - 0/0 Interface2 distance 0
Connected 63.146.1.1/29 - 0/0 Interface2 distance 0
Needless to say, I'm clearly missing something, or fundamentally just don't understand something.
The gateway 207.67.1.2 pings (ping enabled)
The gateway 63.146.1.2 pings (ping enabled)
The interface 63.146.1.3 does not (ping enabled)
Is seeing 63.146.1.1 in the routing table 3 times a clue.
Do I need some sort of policy route to drive the traffic
Or is this just stupid and completely wrong for what I am trying to accomplish
Ron
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Answered one of my questions...the 3 entries in the routing table were due to the fact that I added 2 addtional IP address to the interface (3 total...make sense) to test. I took the 2 secondaries out, and the routing table behaves properly - only one connected shows up
rm
Im thinking that Policy routes would be the best way to do this (or SD-WAN) you could drive specific traffic out whatever interface you want, once the unneeded circuit is void of traffic you should be able to just remove all of the policy routes pertaining to that circuit.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1712 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.