Hi Team,
We have a scenario where we want to have two internet output connections to the same ISP, one connection over the WAN with public IP (which is already configured), and the second connection is to be on another LAN interface with private IP. Please check the details below:
The connection is as follows:
Users-->proxy server-->Fortigate-->ISP router-->internet
this connection is going through the WAN public IP.
We want to enable another interface that will be connected to the ISP router with DHCP config to obtain IP/GW, and to influence the traffic to specific destinations to go through the new connection (private IP) using PBR.
The issue we are facing is that once we enable the interface (for example int 5) with DHCP config the internet connection goes down even without using it in any sort of policies.
Thanks.
Hi @Superpacket,
When using DHCP, it will automatically retrieve a default route from the DHCP server as well, and that default route has an administrative distance of 5 by default (this route will not show up on the GUI).
You can disable it on the FortiGate GUI > Network > Interface > interface 5 > Disable "Retrieve default gateway from server".
After that, you can configure policy routes and firewall policies to specific destinations to go through the new connection and test.
Regards,
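The same fix expressed in the FortiOS CLI, as an added example that is not part of the reply above or of the original thread. The interface name "port5", the LAN interface name "internal", the destination subnet 203.0.113.0/24 and the ISP router's private address 192.168.100.1 are assumptions chosen to match the scenario in the question; the default-gateway and distance keywords are standard FortiOS interface settings.

```fortios
# Added example (constructed for this thread, not the poster's or Fortinet's config).
# Option A (the reply above): keep DHCP for the address but do NOT install the
# DHCP-learned default route, so the static distance-10 default via WAN keeps winning.
config system interface
    edit "port5"
        set mode dhcp
        set defaultgw disable
    next
end

# Option B (the alternative raised later in the thread): accept the DHCP default
# route but give it a worse distance than the static route (10), so it only
# becomes active if the WAN default route disappears.
#   config system interface
#       edit "port5"
#           set mode dhcp
#           set defaultgw enable
#           set distance 20
#       next
#   end

# Steer only the chosen destinations out of port5 with a policy route.
# Gateway 192.168.100.1 is an assumed ISP-router LAN address.
config router policy
    edit 1
        set input-device "internal"
        set dst "203.0.113.0 255.255.255.0"
        set gateway 192.168.100.1
        set output-device "port5"
    next
end

# A matching firewall policy is still required, with source NAT since
# port5 carries a private address that the ISP will not route back to.
config firewall policy
    edit 100
        set name "to-ISP-via-port5"
        set srcintf "internal"
        set dstintf "port5"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```

After enabling port5, confirm from the CLI that the WAN default route is still the only active [*>] default with `get router info routing-table all`, and that the policy route matches with `diagnose firewall proute list`; the DHCP-learned route is only visible here, not in the GUI static-route page.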
Not sure if it is due to the lower default route priority received via DHCP. Can you try configuring a higher priority (greater than 10 of static route) and check?
Ref: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Override-default-route-settings-default-ro...
Thanks for the prompt response.
We checked the static routes via the GUI after enabling the interface and while the internet was down; there is only one default route, to the WAN interface.
On the traffic logs, do you see any reason for the traffic drop? Can you share any instance of the dropped traffic log?
I just checked the logs, and no drops were logged.
I am not 100% sure if the DHCP route will show under static routes. Can you collect "get router info routing-table all" during the problem state just to be 100% sure?
I was planning for an ER605, but sadly it doesn't have a gigabyte port, so speeds are capped at 100 Mbps, as other companies like Trendnet and Edgerouter aren't available in India, and importing one will make it difficult to claim warranty in case anything happens.