mannovazzi
New Contributor

Routing problem with two ISP connected an two virtual WAN FGT80C

Hello, I find this anomaly on a FORTINET 80C (internet exit route):

I have two WANs connected: WAN1 with the provider in MPLS, and WAN2 divided into 2 virtual ones called WAN2.1 (Internet provider 1, vlan7) and WAN2.2 (Internet provider 2, vlan8), a new activation. The problem that impacts me is the fact that I can run the users on the new line "connected" to WAN2.2. I added the static route with distance equal to that of WAN2.1 but with lower weight in order to make it the main one, but it does not work. What can it depend on? The policies entered seem correct. I read other forums but they talk about balancing, and I do not need to balance; I need to differentiate the Internet traffic of the server network on WAN2.1 and the client traffic on WAN2.2. I have excluded using the route policy because it would inhibit the traffic on the WAN1; I tested today. Another strange thing: if I change the default route by setting the WAN2.2 as the main one, clients ping the public addresses but do not resolve the names, while the network servers do not surf at all any more.

I thank in advance whoever can give me some tips, and sorry for my English, partly helped by Google.

Thank you

rwpatterson
Valued Contributor III

Welcome to the forums.

 

Try setting the weight the same on both WAN2.1 and WAN2.2 and use "Policy Route" to split the interesting traffic between the two.

 

One policy route to direct server traffic and one for the users.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

mannovazzi

Hello, thanks for the reply. I've already tried that: configuring the policy route with the WAN2.2 address as gateway works, but the traffic on WAN1 (MPLS) is no longer routed.

tanr
Valued Contributor II

Normally you would set default or more specific static routes with equal distances, but with different priorities.  Matching routes would be found by the most specific, followed by the smallest distance, followed by the highest priority.  Static routes with the same distance but different priorities would remain in the routing table.  Policy routes based on source or service can then be used to route to the interfaces in the routing table that have lower priority and would not be otherwise hit.  Discussion of something similar at https://forum.fortinet.com/tm.aspx?m=153485.

 

Does this match what you're trying to do?

 

If that still doesn't answer your question, please give more detail about your situation:

  • Which clients and/or services should be routed out wan1, wan2.1, and wan2.2?
  • In which direction will connections be initiated? For example, are the servers you want accessible on wan2.1 the only hosts that should be initiating outbound connections on wan2.1? Is wan2.1 the only interface that should allow inbound connections to be initiated?
  • I assume you're using VIPs for the servers? Are you also using IP Pools?
  • Details of your static routes and policy routes
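
A small model of the lookup order described in the reply above, added here as an illustration; it is not code from any poster or from Fortinet. The subnets, the MPLS prefix and the rules that policy routes are checked before the routing table, that they need a matching route for their device, and that the lower priority number is preferred are assumptions of the model.

```python
import ipaddress as ip

# Constructed sample addressing (not from the thread).
STATIC = [  # (destination, device, distance, priority)
    ("10.50.0.0/16", "wan1",   10, 0),   # MPLS sites
    ("0.0.0.0/0",    "wan2.1", 10, 0),   # provider 1, preferred default
    ("0.0.0.0/0",    "wan2.2", 10, 10),  # provider 2, stays in the table
]
CLIENTS = "192.168.10.0/24"  # hypothetical client LAN

def table_lookup(dst, routes=STATIC):
    """Most specific prefix, then smallest distance, then priority
    (assumption: the lower priority number is the preferred route)."""
    addr = ip.ip_address(dst)
    hits = [r for r in routes if addr in ip.ip_network(r[0])]
    if not hits:
        return None
    best = min(hits, key=lambda r: (-ip.ip_network(r[0]).prefixlen, r[2], r[3]))
    return best[1]

def route(src, dst, policy_routes, routes=STATIC):
    """Assumption: policy routes are checked top-down before the routing
    table; the first usable match decides. A policy route is usable only
    if its device has a route covering the destination in the table."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for p_src, p_dst, dev in policy_routes:
        if s in ip.ip_network(p_src) and d in ip.ip_network(p_dst):
            if any(r[1] == dev and d in ip.ip_network(r[0]) for r in routes):
                return dev
    return table_lookup(dst, routes)

# Source-only policy route: also captures client traffic bound for MPLS.
BROAD = [(CLIENTS, "0.0.0.0/0", "wan2.2")]
# Same rule preceded by a more specific one that keeps MPLS on wan1.
SCOPED = [(CLIENTS, "10.50.0.0/16", "wan1")] + BROAD

def demo():
    cases = [("192.168.10.5", "10.50.1.1"),     # client -> MPLS site
             ("192.168.10.5", "203.0.113.10"),  # client -> Internet
             ("192.168.20.5", "203.0.113.10")]  # server -> Internet
    return {name: [route(s, d, pr) for s, d in cases]
            for name, pr in (("broad", BROAD), ("scoped", SCOPED))}

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

In this model the broad rule sends client traffic for the MPLS prefix out wan2.2, which matches the symptom reported earlier in the thread, while the scoped rule set keeps it on wan1.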