Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
iaminit
New Contributor

Created on ‎04-25-2023 08:46 AM

SD WAN and NAT

If I have a Fortigate 60F with 2 ISPs setup as an SD WAN interface, how do I setup inbound NAT so that it works with the failover ISP? For instance, I have several VIPs and inbound NATs currently tied to the primary ISP public IP address. Now I have a 2nd ISP, what  happens to the ability to connect into the network if the primary ISP goes down?

Labels:
1416
0 Kudos
2 REPLIES 2
gfleming
Staff
Staff

Created on ‎04-25-2023 08:55 PM

Create two VIPs, one for each wan interface. Note you won't be using SD-WAN to determine how outside clients connect to you. You'll need some form of mechanism so clients know not to connect to your dead ISP. DNS failover is one method of doing this where you use external health checks to dynamically update your DNS pointers...

Cheers,
Graham
1397
0 Kudos
Christian_89
Contributor III

Created on ‎04-25-2023 10:07 PM

Hello

You can set the VIP only to one WAN address. in DNS you can also set only one address.

As Graham already wrote make a simple 2 VIP with the 2WAN address.

1390
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.