Ratschko
New Contributor

Route WiFi Traffic to different WAN Port

Hi all! I have a problem routing a WLAN SSID to a dedicated WAN port.

- I have one default gateway, routing anything to WAN1.
- I have rules allowing traffic from Internal AND WiFi to WAN1.

So far, everything is working from the internal network and WiFi. Now it comes to the second SSID, WiFi_Guest. I want any traffic from this interface routed to WAN2.

- I have a rule allowing traffic from WiFi_guest to WAN2.

But how can I say that traffic from WiFi_guest should be routed to WAN2? IP address/gateway and nameserver change daily on WAN2, so I did not know. Could someone give me a tip? Thanks a lot!
ede_pfau
SuperUser

Hi, if you need routing based on the source address (source subnet) then you need to create a Policy Route. See the Handbook for details. PBR does not need a gateway address to function; the interface (WAN2) is sufficient.

Ede


"Kernel panic: Aiee, killing interrupt handler!"
neonbit
Valued Contributor

Hi Ratschko, as per Ede's response, you can implement a policy-based route to force all wifi-guest traffic out of WAN2. I believe the below config should work in your environment.
Ratschko
New Contributor

Hi, thanks a lot for your help. I already configured it, but I got no reply from hosts. Packets go to my default gateway but no further.

WiFi_Guest gets its IP address from the FortiGate DHCP; the default gateway is the interface of wifi_guest.

- I have only one default static route, which says 0.0.0.0/0.0.0.0 goes through interface INTERNAL.
- I have only one policy route, which looks exactly like yours in the screenshot (if source is wifi_guest, forward to wan2).
- I have one policy rule, allowing any/any from wifi_guest to wan2.

How can I debug this to find the fault?
Sylvia

You have to make sure that the checkbox "Retrieve Default Gateway" is checked in the configuration of interface WAN2. The distance should be the same as the distance of the default gateway for WAN1, but the priority value should be a higher number. Otherwise the FortiGate has no clue where to send the packets with the policy route. And don't forget the NAT on the firewall policy from wifi_guest to wan2.

Sylvia
Ratschko
New Contributor

Hi Sylvia, many many thanks!! Route distance was the tip of the day :) I had to put wan1 and wan2 on same distance. Again, thanks!
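
The pieces discussed in this thread, collected as a FortiOS CLI sketch (an added example, not a config posted by any participant). The guest subnet 10.10.10.0/24, DHCP mode on wan2, the distance of 10 for the existing WAN1 default route and the priority value are assumptions; lines starting with `#` are annotations for the reader.

```fortios
# 1. WAN2 learns its gateway dynamically (DHCP assumed here).
#    "Retrieve Default Gateway" = defaultgw enable.
#    Distance must equal the distance of the WAN1 default route
#    (10 assumed); the higher priority number keeps WAN1 preferred.
config system interface
    edit "wan2"
        set mode dhcp
        set defaultgw enable
        set distance 10
        set priority 20
    next
end

# 2. Policy route: anything entering from the guest SSID leaves via wan2.
#    No gateway is set; the output interface is sufficient.
config router policy
    edit 1
        set input-device "WiFi_Guest"
        set src "10.10.10.0/255.255.255.0"
        set dst "0.0.0.0/0.0.0.0"
        set output-device "wan2"
    next
end

# 3. Firewall policy from the guest SSID to wan2, with NAT enabled.
config firewall policy
    edit 0
        set srcintf "WiFi_Guest"
        set dstintf "wan2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end

# 4. Checks: both default routes must appear in the active routing table,
#    and the policy route must be listed.
get router info routing-table all
diagnose firewall proute list
```

If the wan2 default route is missing from the routing table output, the policy route has no valid next hop and guest traffic stops at the FortiGate, which matches the symptom described earlier in the thread.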