krick
New Contributor

Site to Site VPN route through specific interface

We are switching from Sonicwall to Fortinet. We will have a 200F at our main location and a 70F at each remote location, connected with a site-to-site VPN. Initially we will set up the remote Sonicwalls to connect to the 200F with a site-to-site VPN. I have tested this and it seems to be working fine. We will then replace each remote Sonicwall with the 70Fs. My problem is this: we have 3 WAN connections on the 200F. I want 1 dedicated to the VPN connections only and 2 as outbound internet. How do I set up the Fortinet to dedicate the 1 WAN only to VPN connections? If I set up the static routes and the VPN WAN connection is not the highest priority, the VPNs won't connect, as the Sonicwalls see a different IP when connecting. Does that make sense? Also, when the VPN WAN connection is the highest, all internet traffic routes through this connection. Hopefully it makes sense what I am trying to accomplish.

Markus_M
Staff

Hi krick,

Depends on how you want to connect. Guessing it is an IPsec tunnel (there are SSL VPN s2s tunnels too), you could set a static route, not as the default route but only for the IP of the 70F, to go out on wan1 (for example), like 1.2.3.4/32 or whatever subnet the other 70Fs have.

Hope that makes sense.

Best regards,

Markus

 

hbac
Staff

Hi @krick,

You can give static routes of all WAN interfaces the same administrative distance but give the WAN dedicated to VPN lower priority. That way, normal traffic will be routed to the WAN interfaces with higher priority. Please refer to https://community.fortinet.com/t5/FortiGate/Technical-Note-Routing-behavior-depending-on-distance-an...

 

Regards, 
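
How the two replies above could be combined in the FortiOS CLI, as an added example that is not part of the original posts: default routes of equal distance on all three WANs with the VPN WAN least preferred (in FortiOS the lower priority value is preferred), plus a host route for a remote peer on the VPN WAN. The interface roles (wan1 and wan2 for internet, wan3 for VPN), the gateways, the peer address and the distance and priority values are assumptions; the addresses are documentation-range placeholders.

```fortios
# Added example; interface names, addresses and values are placeholders.
config router static
    # Default routes: same distance on every WAN so all three stay in the
    # routing table; the lowest priority value is preferred for new traffic.
    edit 1
        set gateway 192.0.2.1
        set device "wan1"
        set distance 10
        set priority 1
        set comment "internet"
    next
    edit 2
        set gateway 192.0.2.129
        set device "wan2"
        set distance 10
        set priority 1
        set comment "internet"
    next
    edit 3
        set gateway 198.51.100.1
        set device "wan3"
        set distance 10
        set priority 10
        set comment "VPN WAN, least preferred default"
    next
    # Host route per remote peer: the /32 is more specific than any default
    # route, so traffic to that peer always leaves on the VPN WAN.
    edit 4
        set dst 203.0.113.10 255.255.255.255
        set gateway 198.51.100.1
        set device "wan3"
        set comment "remote peer (placeholder address)"
    next
end
```

`get router info routing-table all` shows which of these routes are installed and through which interface.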
