Hi,
I would like to know the best practice for configuring link redundancy and distributing the Internet traffic over both links.
Currently, most of the settings are routed to the static Internet (slower speed), and as intended I would like to route most of the Internet browsing (port 80) to the dynamic Internet (higher speed). Also, how do I resolve the DNS issue, since there are two different ISPs?
Many thanks in advance.
There are many documents on this, both on the cookbook website and on this forum. I'll link you to a few of the relevant ones:
https://cookbook.fortinet.com/redundant-internet-basic-failover-56/
https://cookbook.fortinet.com/redundant-internet-with-sd-wan-60/
https://forum.fortinet.com/tm.aspx?m=143704
I'm not sure what you mean about the DNS issue though? Are you hosting a server on-site that needs to be reachable from the Internet? That creates a bit of a different challenge...
Thank you lobstercreed for the updates and information. The information is really helpful and sort of working, but I do have a few issues:
1. For the current settings, we have a few wifi APs that are routed to WAN1 by default, and once I added an entry for a new WAN 2, our wifi connection found NO Internet and went down immediately.
Our current wifi setting -> Under Policy & Objects -> IPv4
wifi port 1 -> wan 1 (Internet)
wifi port 2 -> local 1 (accessing local machines and file server)
Because of that, I wasn't sure how to route this traffic to a working Internet link.
Maybe I'm misunderstanding, but it seems the answer to your question is in the question. If your current policy only allows the wifi interfaces to access wan1 and you have not added any policies for wan2, then when you modify your routing to go out wan2 it would be dropped by firewall policy. It is best to use zones or SD-WAN for this purpose so you don't have to make redundant policies, but if you have a lot of config that can be difficult as you basically have to re-do it all.
If you want some help, I have occasionally offered to help remotely (Zoom or TeamViewer) for a reasonable fee. It would probably have to be outside 8-5 (my normal job), but if I can look "over your shoulder" I can probably help you more quickly. Private message me if you want to do that.
Thanks - Daniel
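The two approaches described in the reply above, sketched as FortiOS CLI. This is an added example, not configuration from the thread: the interface name `wifi1`, the zone name `internet`, the policy names and the service list are assumptions, and the services should mirror whatever the existing wan1 policy allows.

```fortios
# Added example; interface, zone and policy names are assumptions.
# Option A: a second policy that mirrors the existing wifi -> wan1 policy,
# so traffic routed out wan2 is no longer dropped by the firewall.
config firewall policy
    edit 0
        set name "wifi1-to-wan2"
        set srcintf "wifi1"
        set dstintf "wan2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS" "DNS"
        set nat enable
        set logtraffic all
    next
end

# Option B: one zone holding both WAN ports and a single policy to the zone.
# An interface that a policy already references cannot be added to a zone,
# so the existing wifi -> wan1 policy has to be removed first.
config system zone
    edit "internet"
        set interface "wan1" "wan2"
    next
end
config firewall policy
    edit 0
        set name "wifi1-to-internet"
        set srcintf "wifi1"
        set dstintf "internet"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS" "DNS"
        set nat enable
        set logtraffic all
    next
end
```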