Looking to replace two provider CEs with Fortigate 201Fs. Currently both CEs are active and we have traffic going out each depending on services to the internet. We also have a 500Mbps Express route terminating to one CE. The question I have is about the ability to use both ISPs outbound; I assume things like PBR will be needed? Or if both are active in a LB method, I am looking at creating duplicate policy rules, one per ISP zone?
When others are using fortigates for their CEs/firewalls, are you using your public IP space from Fortigate inside to your network core? Or are you having your ISP do a NAT of some sort?
Hello Steven, Good day!
> is the ability to use both ISPs outbound I assume things like PBR will be needed? Or if both are active in a LB method, I am looking at creating duplicate policy rules, One per ISP zone?
= You can connect both the ISPs to the FGT and steer the traffic as per needs using PBR or SDWAN, OR you can use Load-balancing.
https://docs.fortinet.com/document/fortigate/7.4.2/administration-guide/19246/sd-wan
https://docs.fortinet.com/document/fortigate/7.4.2/administration-guide/144044/policy-routes
For Internet connectivity, SNAT can be done on the FGT Firewall. It can be the egressing interface IP or the custom IPPOOL.
Please let us know if you have more questions.
Thanks.
Copyright 2024 Fortinet, Inc. All Rights Reserved.