Currently, I have an ADSL internet line on WAN2 and all traffic (SMTP, HTTP, etc) passes through it. Users complain that it is too slow (6MB down, 1 up). I have our VoIP network (different subnet & physical network) on a Bell Fibe line (25M down and 6 up). There's plenty of bandwidth to spare on the Bell Fibe line. I thought of running a cable between the Bell Fibe modem and WAN1 port (connect thru PPPoE). Then creating an ALLOW policy from Internal1 to WAN1 allowing only HTTP & HTTPS. DENYing HTTP & HTTPS on the Internal1 to WAN2 policy. That way our email server & other services would just use WAN2.
I tried doing that and it didn't work. The Internal1 to WAN2 deny HTTP/HTTPS policy blocked web browsing for users on Internal1 network. But it seems the Internal1 to WAN1 policy didn't pick up the requests.
What am I missing?
Using Fortigate 80C on v5.0,build0271
A security policy will not ROUTE traffic on its own.
For routing, a route is needed. In your case, the routing criterion is not the destination but the service. Therefore, you need to create a Policy Route, specifying that HTTP(S) will be routed to WAN1.
Please have a look at the FortiOS Handbook, chapter "Advanced Routing", to learn the underlying principles.
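A sketch of the policy route the answer describes, in FortiOS 5.0 CLI form; this is an added example, not part of the original reply. The interface names `internal1` and `wan1` are assumed from the question, and the gateway is left unset on the assumption that the PPPoE link supplies it.

```fortios
# Added example. Interface names are assumptions taken from the question.
# A policy route matches one protocol and one destination port range,
# so HTTP and HTTPS each get their own entry.
config router policy
    edit 1
        # Traffic arriving from the LAN ...
        set input-device "internal1"
        # ... that is TCP (IP protocol 6) to destination port 80 ...
        set protocol 6
        set start-port 80
        set end-port 80
        # ... leaves through the Bell Fibe link.
        set output-device "wan1"
    next
    edit 2
        set input-device "internal1"
        set protocol 6
        set start-port 443
        set end-port 443
        set output-device "wan1"
    next
end
# Everything that matches no policy route (SMTP and the other services)
# still follows the routing table out of WAN2.
# The existing Internal1 -> WAN1 ALLOW policy for HTTP/HTTPS is still
# required: the policy route picks the exit, the firewall policy permits it.
```

Policy routes are evaluated before the routing table, so with no `dst` set these entries also capture TCP 80/443 from Internal1 to hosts behind other FortiGate interfaces; restrict `dst` or add an earlier entry if such hosts exist.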