Hello,
I have a Fortigate with two Internet connections coming into it. I would like to dedicate one of the connections to an IPSEC VPN and the other connection for web surfing. I have set up a policy route to send all Internet traffic out of my surfing connection but when I do a speedtest the IP address that is returned is that of my VPN connection.
Have I missed something along the way? How can I tell what connection my surfing traffic is going through?
PBR is what I would be going with too. Is it possible to show the config for the PBR you created please?
Also just to confirm, when you look at the routing monitor, can you see a default gateway for both internet connections?
If your policy route just redirects "surfing" (as in http/https) this will not work.
The "What's my IP?" sites don't use http IIRC. It's either a UDP protocol or ICMP, not sure though.
This is my config for the Policy route
Protocol: any
Incoming address: internal
Source: 0.0.0.0/0.0.0.0
destination: 0.0.0.0/0.0.0.0
Type of service: bit pattern 0x00: bit mask 0x00
force traffic out: wan2
gateway: 121.75.223.254
I have a connected route in the routing monitor for this connection.
As neonbit also suggests, confirm under the routing monitor that you can see a default gateway for each internet connection.
thx,
yiannis
Hello,
If you don't have many VPN IPSec peers, you can do the following. We have done the same configuration on a few sites:
- wan1 is for vpn ipsec
- wan2 is for web surfing.
We only use static routing for that.
For web surfing :
- Set up the default gateway through the wan2 interface.
- Create the policy for user web access
For VPN IPSec :
- Create the VPN IPsec and assign it to the wan1 interface
- Create a static route for the vpn peer through the wan1 interface.
Hope this helps.
Regards,
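
The static-routing layout described in the reply above, written out as FortiOS CLI, with two checks that answer the original question of which link the surfing traffic actually leaves on. This is an added example, not part of the original post: the gateway and peer addresses are constructed documentation values, and the tunnel name, route IDs and policy ID are hypothetical.

```fortios
# Constructed values: 198.51.100.1 = wan2 ISP gateway, 192.0.2.1 = wan1 ISP gateway,
# 203.0.113.10 = remote IPsec peer. Replace with your own.
config router static
    edit 1
        # Default route: all Internet-bound traffic leaves through wan2.
        set gateway 198.51.100.1
        set device "wan2"
    next
    edit 2
        # Host route: only the VPN peer is reached through wan1.
        set dst 203.0.113.10 255.255.255.255
        set gateway 192.0.2.1
        set device "wan1"
    next
end

config vpn ipsec phase1-interface
    edit "to-peer"
        # Bind the tunnel to wan1 so IKE/ESP uses the dedicated link.
        set interface "wan1"
        set remote-gw 203.0.113.10
        set psksecret <pre-shared-key>
    next
end

config firewall policy
    edit 10
        # User web access, NATed behind the wan2 address.
        set srcintf "internal"
        set dstintf "wan2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS" "DNS"
        set nat enable
    next
end

# Check 1: the routing table should show 0.0.0.0/0 via wan2 and the /32 peer route via wan1.
get router info routing-table all

# Check 2: browse from an internal host and watch which interface carries the packets.
diagnose sniffer packet wan2 'tcp port 443' 4 10
diagnose sniffer packet wan1 'tcp port 443' 4 10
```

If the second sniffer shows web traffic on wan1, a more specific route, a remaining policy route, or a policy with `dstintf` set to wan1 is still matching before the default route.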