Dears,
I want to connect three internet connections (connected to three different ISPs) to my Fortigate firewall, and accordingly I want to configure the Fortigate to route traffic based on the source subnet.
Let's say that my network is divided into three different VLANs with different subnet addresses as shown below:
Also, the internet connections are connected to the Outside interfaces below on the Fortigate:
My target is to configure the Fortigate to route Internet traffic based on the source subnet as mentioned below:
Any ideas?
Appreciate your feedback.
Best Regards,
Begad Ahmed
Funny, I was just working on the exact same issue a few hours ago. So far I have come up with no idea. Maybe it is possible to use three vdoms to separate the ISPs (routing tables) and VLANs. But it sucks if you want to allow inter-VLAN traffic (because you have to configure inter-vdom links). But hopefully someone else has a good idea to realize that. I would also love to hear any suggestions.
Regards Rene ---
FCNSA.v5, FCNSP.v5, FCESP
Home: FWF60D FortiAP 220B Office: FWF60C, FWF60D, FGT110C, FGT200B, FortiManager, FortiAnalyzer, FortiAP 220B
Hello,
This can be achieved with 3 default routes and 3 policy based routes
- Connect all the 3 ISPs to 3 Interfaces of the Fortigate and configure it accordingly
- Have equal distance for all the default routes
- Create 3 policy based routes from the respective VLAN1 > Outside1 with respective source address and do the same for other VLANs
- One challenge would be what to do if VLANs should be allowed to communicate with each other (VLAN1 > VLAN2)
- You need another Policy based route for specific destinations on top of all
Hope that helps
Regards Rene ---
FCNSA.v5, FCNSP.v5, FCESP
Home: FWF60D FortiAP 220B Office: FWF60C, FWF60D, FGT110C, FGT200B, FortiManager, FortiAnalyzer, FortiAP 220B
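The three-default-routes plus policy-routes approach described above, written out as FortiOS CLI. This is an added example, not configuration posted by anyone in the thread. The interface names (vlan1-3, outside1-3), subnets and ISP gateway addresses are constructed placeholders, and the syntax assumes a FortiOS release whose `config router policy` supports `set action deny`.

```fortios
# Lines starting with "#" are annotations; drop them before pasting.
# Constructed values: VLAN subnets 10.0.1.0/24 to 10.0.3.0/24 and
# ISP gateways taken from the documentation address ranges.

# Three default routes with equal distance, one per ISP
config router static
    edit 1
        set device "outside1"
        set gateway 192.0.2.1
        set distance 10
    next
    edit 2
        set device "outside2"
        set gateway 198.51.100.1
        set distance 10
    next
    edit 3
        set device "outside3"
        set gateway 203.0.113.1
        set distance 10
    next
end

config router policy
    # On top of all: stop policy routing for inter-VLAN destinations
    # so that traffic follows the connected routes instead of an ISP
    edit 1
        set src "10.0.0.0/255.255.252.0"
        set dst "10.0.0.0/255.255.252.0"
        set action deny
    next
    # One policy route per source VLAN, pinned to its own ISP
    edit 2
        set input-device "vlan1"
        set src "10.0.1.0/255.255.255.0"
        set gateway 192.0.2.1
        set output-device "outside1"
    next
    edit 3
        set input-device "vlan2"
        set src "10.0.2.0/255.255.255.0"
        set gateway 198.51.100.1
        set output-device "outside2"
    next
end
```

The third policy route (vlan3 to outside3) follows the same pattern as entries 2 and 3. Policy routes only select the egress path: each VLAN still needs its own firewall policy to its outside interface, and inter-VLAN traffic is blocked unless a firewall policy between the VLAN interfaces allows it.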
Another scenario is to create 3 vdoms, each with a VLAN and its corresponding ISP.
This eliminates the need for policy based routing, which, as a rule of thumb, should be a last resort and not a standard solution to use.
Rackmount your Fortinet --> http://www.rackmount.it/fortirack
Agreed.
And use inter-vdom links with the correct fwpolicies for traffic between VLANs.
PCNSE
NSE
StrongSwan
Thanks for your reply !!
Can you please share with me a sample of the configuration required to fulfill my requirements?
Best Regards,
Begad Ahmed
Copyright 2024 Fortinet, Inc. All Rights Reserved.