Route WiFi Traffic to different WAN Port
Hi all!
I have a problem routing a WLAN SSID to a dedicated WAN port.
- I have one default gateway, routing anything to WAN1.
- I have rules allowing traffic from Internal AND WiFi to WAN1.
So far, everything is working from the internal network and WiFi.
Now it comes to the second SSID, WiFi_Guest. I want any traffic from
this interface routed to WAN2.
- I have a rule allowing traffic from WiFi_guest to WAN2
But how can I specify that traffic from WiFi_guest should be routed to WAN2? The IP address, gateway and nameserver change daily on WAN2, so I did not know.
Could someone give me a tip?
Thanks a lot!

5 REPLIES
Hi,
If you need routing based on the source address (source subnet), then you need to create a Policy Route. See the Handbook for details. PBR does not need a gateway address to function; the interface (WAN 2) is sufficient.
Ede Kernel panic: Aiee, killing interrupt handler!
Hi Ratschko,
As per Ede's response, you can implement a policy-based route to force all wifi-guest traffic out of WAN2.
I believe the below config should work in your environment.

Hi, thanks a lot for your help.
I already configured it, but I got no reply from hosts. Packets go to my default gateway but no further.
WiFi_Guest gets its IP address from the FortiGate DHCP; the default gateway is the interface of wifi_guest.
I have only one default static route, which says 0.0.0.0/0.0.0.0 goes through interface INTERNAL.
I have only one policy route, which looks exactly like yours in the screenshot.
(If source is wifi_guests, forward to wan2)
I have one policy rule, allowing any/any from wifi_guest to wan2.
How can I debug this to find the fault?

You have to make sure that the checkbox "Retrieve Default Gateway" is checked on the configuration of interface WAN2. The distance should be the same as the distance of the default gateway for WAN1, but the priority value should be a higher number. Otherwise the FortiGate has no clue where to send the packets with the policy route.
And don't forget the NAT on the firewall policy from wifi_guest to wan2.
Sylvia.
Hi Sylvia,
Many, many thanks!! Route distance was the tip of the day :) I had to put wan1 and wan2 on the same distance.
Again, thanks!
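
The setup the thread converges on, written out as FortiOS CLI. This is an added example, not a config posted by any participant: the guest subnet 10.10.20.0/24, the distance and priority values, the entry IDs and the `<WAN1_GATEWAY>` placeholder are assumptions, and option names can differ between FortiOS releases.

```text
# wan2: DHCP-assigned, so let the FortiGate learn the default gateway itself.
# Same distance as the wan1 default route, higher priority number (less preferred),
# so wan1 stays the default while a valid route via wan2 exists in the table.
config system interface
    edit "wan2"
        set mode dhcp
        set defaultgw enable
        set distance 10
        set priority 10
    next
end

# wan1: existing static default route, distance matched to wan2 (priority left at default).
config router static
    edit 1
        set device "wan1"
        set gateway <WAN1_GATEWAY>
        set distance 10
    next
end

# Policy route: anything arriving on the guest SSID leaves via wan2.
# No gateway is set because the wan2 gateway changes daily.
config router policy
    edit 1
        set input-device "WiFi_Guest"
        set src "10.10.20.0/255.255.255.0"
        set dst "0.0.0.0/0.0.0.0"
        set output-device "wan2"
    next
end

# Firewall policy guest -> wan2 with source NAT enabled.
config firewall policy
    edit 0
        set srcintf "WiFi_Guest"
        set dstintf "wan2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```

To check the result, `get router info routing-table all` should list a default route on both wan1 and wan2, and `diagnose firewall proute list` should show the policy route.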
