Martin_Hancock
New Contributor II

Two Internet Connections - Splitting Traffic

Hello,

 

I have a FortiGate with two Internet connections coming into it. I would like to dedicate one of the connections to an IPSEC VPN and the other connection for web surfing. I have set up a policy route to send all Internet traffic out of my surfing connection, but when I do a speedtest the IP address that is returned is that of my VPN connection.

 

Have I missed something along the way?  How can I tell what connection my surfing traffic is going through?

neonbit
Valued Contributor

PBR is what I would be going with too. Is it possible to show the config for the PBR you created please?

 

Also just to confirm, when you look at the routing monitor, can you see a default gateway for both internet connections?

gschmitt
Valued Contributor

If your policy route just redirects "surfing" (as in http/https) this will not work.

The "What's my IP?" sites don't use http IIRC. It's either a UDP protocol or ICMP, not sure though.

Martin_Hancock
New Contributor II

This is my config for the Policy route

 

Protocol: any

Incoming address: internal

Source: 0.0.0.0/0.0.0.0

destination: 0.0.0.0/0.0.0.0

Type of service: bit pattern 0x00: bit mask 0x00

 

force traffic out: wan2

gateway: 121.75.223.254

 

I have a connected route in the routing monitor for this connection.

ykonstantakopoulos
New Contributor III

As neonbit also suggests, confirm under the routing monitor that you can see a default gateway for each internet connection.

 

thx,

 

yiannis

cbesse

Hello,

If you don't have many VPN IPSec peers, you can do the following. We have done the same configuration on a few sites:

- wan1 is for vpn ipsec

- wan2 is for web surfing.

 

We only use static routing for that.

For web surfing :

 - Set up the default gateway through the wan2 interface.

 - Create the policy for user web access

 

For VPN IPSec :

 - Create the VPN IPsec and assign it to the wan1 interface

 - Create a static route for the vpn peer through the wan1 interface.

 

Hope this helps.

Regards,
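
The static-routing layout from the reply above, written out as FortiOS CLI. This is an added example, not part of the original post and not Fortinet's own configuration: the wan2 gateway 121.75.223.254 and the `internal` interface come from the thread, while the wan1 gateway (198.51.100.1), the VPN peer (203.0.113.10), the entry IDs, the object names and the pre-shared key are placeholders.

```fortios
# Web surfing: default route through wan2 (gateway taken from the thread)
config router static
    edit 1
        set gateway 121.75.223.254
        set device "wan2"
    next
    # VPN: host route to the IPsec peer through wan1
    # (198.51.100.1 and 203.0.113.10 are placeholder addresses)
    edit 2
        set dst 203.0.113.10 255.255.255.255
        set gateway 198.51.100.1
        set device "wan1"
    next
end

# Policy for user web access, leaving through wan2 with source NAT
config firewall policy
    edit 1
        set name "web-via-wan2"
        set srcintf "internal"
        set dstintf "wan2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS" "DNS"
        set nat enable
    next
end

# IPsec tunnel bound to wan1 (name and key are placeholders)
config vpn ipsec phase1-interface
    edit "vpn-peer1"
        set interface "wan1"
        set remote-gw 203.0.113.10
        set psksecret <pre-shared-key-placeholder>
    next
end
config vpn ipsec phase2-interface
    edit "vpn-peer1-p2"
        set phase1name "vpn-peer1"
    next
end
```

With only one default route in the table, anything not matching the peer's host route leaves through wan2, so no policy route is needed for the split.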

 
