Hi,
I need assistance with a network configuration. We have two internet modems in our current setup:
1. A fiber connection linked to the Forti WAN port.
2. A DIA with a static IP connected to Forti port number 4.
The internet is functioning correctly from the WAN port. Now we need user logins to specified sites to be accessed exclusively through port number 4.
Modem: FortiWiFi 30E
Firmware: v6.2.15 build1378 (GA)
So far looks fine. Can you ping "fast.com"? Since I can ping it from my 40F, you should be able to. If not, try traceroute.
fg40f-utm (root) # exe ping fast.com
PING fast.com (23.5.241.75): 56 data bytes
64 bytes from 23.5.241.75: icmp_seq=0 ttl=55 time=19.7 ms
64 bytes from 23.5.241.75: icmp_seq=1 ttl=55 time=19.6 ms
64 bytes from 23.5.241.75: icmp_seq=2 ttl=55 time=19.6 ms
64 bytes from 23.5.241.75: icmp_seq=3 ttl=55 time=19.6 ms
64 bytes from 23.5.241.75: icmp_seq=4 ttl=55 time=19.6 ms
--- fast.com ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 19.6/19.6/19.7 ms
fg40f-utm (root) # exe traceroute fast.com
traceroute to fast.com (23.5.241.75), 32 hops max, 3 probe packets per hop, 84 byte packets
1 63.231.10.70 <tukw-dsl-gw70.tukw.qwest.net> 1.366 ms 1.881 ms 1.909 ms
2 63.226.198.41 <63-226-198-41.tukw.qwest.net> 2.014 ms 1.898 ms 1.900 ms
3 * * *
4 4.69.219.65 <ae2.3605.edge9.sanjose1.level3.net> 18.981 ms * *
5 4.14.32.70 <citigroup-i.bar2.sanfrancisco1.level3.net> 200.976 ms 124.634 ms 203.926 ms
6 * * *
7 * * *
8 23.5.241.75 <fast.com> 19.540 ms 19.830 ms 19.459 ms
Toshi
In step 4 (firewall policy), destination should be All.
Then go to SD-WAN rules, and add the following rule:
Then add another SD-WAN rule "below" the previous one:
That will make things exactly in the way you requested.
I found two cloud servers not running. All servers are now working fine.
Hi @ATOON ,
I believe you can achieve that by configuring static routes to those destinations and using the DIA connection (port4) as the exit interface.
Thanks for your reply. Can you explain the way?
If the sites' IPs won't change, the easiest way is to find out the IP of each site by pinging Site1/2.com, and set two static routes to those two /32 destinations toward port4. Then you need a general NAT policy toward port4 in addition to the one you already have toward wan.
Since the default route is still pointing toward wan while only two /32 destinations are pointed toward port4, all other destinations should follow the existing policy toward wan.
Toshi
Thanks for your message. The IP of the sites changes, so I need to configure by FQDN.
I have previously tried this method without success.
And when configuring an FQDN such as "site.com/A", I ran into a problem when trying to use "/A". I also tried using a wildcard such as "*.site.com", but had the same issue.
Additionally, I tried adding an address for the site "fast.com" and configured a static path to it, but I cannot access it. The browser returns an error: "This site cannot be reached".
Created on 04-05-2024 03:41 PM Edited on 04-05-2024 03:46 PM
"/A" is not a part of an FQDN, which can be resolved to IP addresses. FQDN and Wildcard FQDN are different types of object, and it looks like Wildcard FQDN is not supported as an address object.
And it looks like, at least with 7.2.8, I can't configure "set dynamic-gateway enable" for the static route via GUI. If your wan interface is DHCP or PPPoE, you might need to configure it in CLI. This might be a bug. I just upgraded my 40F last night. I had to use CLI.
Check your routing table with "get router info routing-table static" to see the destination IPs show up.
Toshi
Looks like it's not a bug but probably a limitation of GUI. I see the same with 7.0.12 on another 40F I have.
Created on 04-05-2024 04:57 PM Edited on 04-05-2024 05:07 PM
Thanks, bro, for following my issue. Can you provide guidance on how you configure your Forti by CLI?
Modem: FortiWiFi 30E
Firmware: v6.2.15 build1378 (GA)
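The FQDN-based static route discussed in this thread, written out as FortiOS CLI. This is an added example, not a configuration posted by any participant; the gateway 192.0.2.1, the "lan" source interface, the policy name "LAN-to-DIA" and the choice of fast.com as the destination are assumptions to be replaced with your own values.

```fortios
# Added example. Lines starting with "#" are annotations; omit them when pasting.
# Assumed values: gateway 192.0.2.1, source interface "lan", policy name.

# 1. FQDN address object that is allowed to appear in a static route
config firewall address
    edit "fast.com"
        set type fqdn
        set fqdn "fast.com"
        set allow-routing enable
    next
end

# 2. Static route: traffic to the resolved IPs of that FQDN leaves via port4
#    (static-IP DIA link, so the next hop is set explicitly)
config router static
    edit 0
        set dstaddr "fast.com"
        set device "port4"
        set gateway 192.0.2.1
    next
end

# 3. NAT policy toward port4, alongside the existing policy toward wan
config firewall policy
    edit 0
        set name "LAN-to-DIA"
        set srcintf "lan"
        set dstintf "port4"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end

# 4. Confirm the resolved destination IPs appear as routes via port4
get router info routing-table static
```

The FortiGate installs routes only for the addresses it resolves itself, so clients should use the same DNS resolver as the firewall; otherwise a client may connect to an IP that has no port4 route and follow the default route out wan.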