Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
WEQ-Technologies
New Contributor

Created on ‎04-15-2022 01:54 AM Edited on ‎04-15-2022 02:12 AM

Two default routes on one interface

Hello everyone,

I just wanted to make sure if this is going to work:

 

Our customer has two WAN subnets which are connected to one interface on the FortiGate. Therefore I need two default routes, one to each gateway. The secondary subnet is configured as secondary IP at the wan1 interface. Does the FortiGate know automatically which gateway it should choose? (See the attached images)

Unfortunately I cannot test this yet since it's not installed at the customer's site...

 

Thank you in advance!

 

2022-04-15_10-42_1.png2022-04-15_10-42.png

Labels:
2367
0 Kudos
1 Solution
aahmadzada
Staff
Staff

Created on ‎04-15-2022 02:20 AM

Hi,
By default, FortiOS will perform ECMP with such a setup.
Can you please tell me the reason you would like to assign these secondary IP addresses to the wan interface?
Are these IP addresses will be used in SNAT, DNAT?

 

Ahmad

Ahmad

View solution in original post

2350
4 REPLIES 4
aahmadzada
Staff
Staff

Created on ‎04-15-2022 02:20 AM

Hi,
By default, FortiOS will perform ECMP with such a setup.
Can you please tell me the reason you would like to assign these secondary IP addresses to the wan interface?
Are these IP addresses will be used in SNAT, DNAT?

 

Ahmad

Ahmad
2351
WEQ-Technologies
New Contributor
In response to aahmadzada

Created on ‎04-15-2022 02:37 AM

Hi, thanks for the reply!

This is because the previous firewall (Barracuda) had such a setup so I took it and transfered it 1:1 to the FortiGate. I have some VIPs that I guess would work just fine but ECMP of course is not what I want. So I guess I will use two seperate interfaces for the two subnets and use SD-WAN instead...

 

Benedikt

2312
0 Kudos
aahmadzada
Staff
Staff
In response to WEQ-Technologies

Created on ‎04-15-2022 03:19 AM

Not sure how Barracuda does work, but on FortiOS If these IP addresses will be used for SNAT/DNAT, there is no need to "host" them on the wan interface.

Ahmad

Ahmad
2300
0 Kudos
Toshi_Esumi
SuperUser
SuperUser

Created on ‎04-15-2022 08:56 AM

You should dig into Barracuda config further to understand why it was configured that way. My instant guess is one of them was an old one and a secondary IP was used for transition, then it was never removed after it's completed. Means one of them might not be working now. You might need to talk to your ISP to figure it out.

 

Toshi

2287
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.