Hi,
I have a Fortigate 60D; the config is:
2 WAN with 2 static IPs (PPPoE)
4x internal LAN (VLAN 100/110/120/130)
1x DMZ (VLAN 2100)
I want VLAN 100/110/130 to go through WAN1 and VLAN 120 to go through WAN2.
Following config:
WAN1 Interface Distance 5
WAN2 Interface Distance 10
Static Route
WAN1: Destination 0.0.0.0, Gateway 0.0.0.0, Interface WAN1, Administrative Distance 10
WAN2: Destination 0.0.0.0, Gateway 0.0.0.0, Interface WAN2, Administrative Distance 20
and one Policy Route:

    config router policy
        edit 4
            set input-device "c-wohnung-lan"
            set src "0.0.0.0/0.0.0.0"
            set srcaddr "all"
            set dst "0.0.0.0/0.0.0.0"
            set dstaddr "all"
            set output-device "wan2"
        next
    end

The plan was that VLAN 100/110/130 take the route to WAN1 because of the lower distance on the WAN1 interface and on the static route, and that the traffic from VLAN 120 uses the policy route so that all its traffic goes to WAN2. Unfortunately, all the traffic goes to WAN1.
It seems that the policy did not match.
Here is the Routing table:

    S* 0.0.0.0/0 [5/0] via 62.156.244.17, ppp1
    C 62.156.244.17/32 is directly connected, ppp1
                       is directly connected, ppp2
    C 80.*.*.218/32 is directly connected, ppp1
    C 80.*.*.243/32 is directly connected, ppp2
    C 192.168.1.0/24 is directly connected, internal
    C 192.168.100.0/24 is directly connected, c-verw-lan
    C 192.168.110.0/24 is directly connected, c-werkstat-lan
    C 192.168.120.0/24 is directly connected, c-wohnung-lan
    C 192.168.130.0/24 is directly connected, c-telefon-lan
    C 192.168.241.0/24 is directly connected, c-verw-dmz

Can someone help me?
Thanks in advance
Marco
Define policy routes as:

Incoming = VLAN (define your desired vlan here)
Outgoing = Domain Server
Source = VLAN subnet/mask
Destination = Domain Server IP

Incoming = VLAN (define your desired vlan here)
Outgoing = WAN Port (define the port from which you want that specific vlan traffic to go)
Source = VLAN subnet/mask
Destination = 0.0.0.0/0.0.0.0

Hi,
Thanks for the answer. I think the policy is correct. The problem is that in the mentioned policy the gateway address is set to 0.0.0.0. If I have a look in the Routing Monitor, I have only one route with 0.0.0.0, which points to WAN1, and so the traffic is going to the wrong interface.
You should have both default routes with the same distance so they are both in the routing table.
Then change the preferences for the routes (eg: WAN1= P10 and WAN2= P20) so that WAN1 is the default route that will be used for all traffic.
Your policy route will now work since the route is in the routing table and only c-wohnung-lan will be sent out of WAN2.
Hi,
I tried this at the beginning (set static route WAN2 to a higher distance), but this did not work. I read that if you are connected via PPPoE, static route distance will not work!? Can you confirm this? So I decided to set the distance to 5 on the WAN1 interface, and so the second static route 0.0.0.0 ppp2 (WAN2) was killed.
Is it possible for me to set the gateway address in the policy to the IP of the WAN2 gateway address instead of the 0.0.0.0, which actually routes to WAN1?
Thanks in advance
Marco
Since both WAN1 and WAN2 are PPPoE, you can enable the option "Retrieve default gateway from server".
This will create two default routes with the same distance "5" (default) and priority 0.
So to make WAN2 the least preferred default route, set the priority of WAN2 to 10 as shown below:

    config system interface
        edit "wan2"
            set vdom "root"
            set mode pppoe
            set distance 5
            set priority 10
            set allowaccess ping fgfm
            set type physical
            set role wan
        next
    end

Now you can create your policy route to send the traffic from VLAN120 towards WAN2 and rest of the traffic will use the default route via WAN1 which is the most preferred route.
Hope this helps.
Regards, San
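
The behaviour discussed in this thread, as an added example that is not part of any post and is not Fortinet code: a simplified Python model of default-route selection in which only the lowest-distance default routes are installed, priority breaks ties, and a policy route is used only if its output device has an installed route. The class and function names are hypothetical, and the inputs are constructed from the two configurations described above.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DefaultRoute:
    device: str
    distance: int
    priority: int = 0

@dataclass(frozen=True)
class PolicyRoute:
    input_device: str
    output_device: str

def routing_table(candidates):
    """Install only the default routes that share the lowest distance."""
    best = min(r.distance for r in candidates)
    return [r for r in candidates if r.distance == best]

def egress(input_device, candidates, policy_routes):
    """Return the WAN interface chosen for traffic entering on input_device."""
    table = routing_table(candidates)
    installed = {r.device for r in table}
    for pr in policy_routes:
        # Assumption from the thread: a policy route with gateway 0.0.0.0 is
        # only usable when its output device has a route in the routing table.
        if pr.input_device == input_device and pr.output_device in installed:
            return pr.output_device
    # No usable policy route: the installed route with the lowest priority wins.
    return min(table, key=lambda r: r.priority).device

# Constructed inputs mirroring the thread's two configurations.
POLICY = [PolicyRoute("c-wohnung-lan", "wan2")]
ORIGINAL = [DefaultRoute("wan1", 5), DefaultRoute("wan2", 10)]
FIXED = [DefaultRoute("wan1", 5, 0), DefaultRoute("wan2", 5, 10)]

if __name__ == "__main__":
    for name, routes in (("original", ORIGINAL), ("fixed", FIXED)):
        for vlan in ("c-verw-lan", "c-wohnung-lan"):
            print(name, vlan, "->", egress(vlan, routes, POLICY))
```

With the original distances (5 and 10) the model sends c-wohnung-lan out of wan1, matching the symptom reported; with equal distances and priority 10 on wan2, only c-wohnung-lan leaves via wan2.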