Hi
Im looking to do the following, I have 3 wan interfaces (wan1, wan2 and wan3), im looking to make an arrangement of sdwan so some of the users (UsersA) primary output is wan1 with wan2 acting as the fail over, and the rest of the users (UsersB) use wan3 as their primary output with again wan2 acting as a fail over.
The issue im coming across is how do i prevent from Users A from using wan3 as their output, I've set up the users A rule for wan1 and wan2 but when both of these are inactive their output then becomes wan3. Same case for usersB, if wan2 and wan3 are inactive their output becomes wan1. UsersA should never use wan3 and UsersB should never use Wan1
How do I prevent this?, the rules only have their respective wans selected but if none of their wans are available it uses another wan not in its rule.
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
if that happens I guess there still must bei one sdwan rule that matches the user and contains wan3. Probably it is the implicite sdwa rule that is always there.
If you set a rule that only matches User A and only contains wan1 and wan2 then the rule will not match if both wan1 and wan2 are unavailable. Same goes for User B.
The rule for Users B will not match Users A but the implicite sdwan rule will always match everything.
So if that does not contain wan3 then if wan1 and wan2 are down nothing will be redirected to wan3 except from Users A.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Hello
Please refer to the document .
you can configure two SDWAN rules using required Interface for the specific source
Hello @RicardoReyes
You can create sd-wan configuration for three interfaces and create 2 sd-wan rules, for userA you can use manual category to select wan interface and just add wan1 and wan2, same way for UserB you can add wan3 as manual selection.
SD-WAN enables you to manage multiple lines used for the same purpose on an application basis. As shown in the link below, you must select at least one interface as an implicit SD-WAN rule.
https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/216765/implicit-rule
In your situation, utilizing policy routes could be the appropriate solution.
https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/144044/policy-routes
if that happens I guess there still must bei one sdwan rule that matches the user and contains wan3. Probably it is the implicite sdwa rule that is always there.
If you set a rule that only matches User A and only contains wan1 and wan2 then the rule will not match if both wan1 and wan2 are unavailable. Same goes for User B.
The rule for Users B will not match Users A but the implicite sdwan rule will always match everything.
So if that does not contain wan3 then if wan1 and wan2 are down nothing will be redirected to wan3 except from Users A.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1536 | |
1028 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.