Superpacket
New Contributor

Two internet connections one ISP

Hi Team,

We have a scenario where we want to have two internet output connections to the same ISP, one connection over the WAN with public IP (which is already configured), and the second connection is to be on another LAN interface with private IP. Please check the details below:

The connection is as follows:

Users-->proxy server-->Fortigate-->ISP router-->internet

This connection is going through the WAN public IP.

We want to enable another interface that will be connected to the ISP router with DHCP config to obtain IP/GW, and to influence the traffic to specific destinations to go through the new connection (private IP) using PBR.

The issue we are facing is that once we enable the interface (for example int 5) with DHCP config, the internet connection goes down even without using it in any sort of policies.

Thanks.

srajeswaran
Staff

Not sure if it is due to the lower default route priority received via DHCP. Can you try configuring a higher priority (greater than 10 of static route) and check?

Ref: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Override-default-route-settings-default-ro...

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
Superpacket

Thanks for the prompt response. 

We checked the static route via the GUI after enabling the interface and while the internet was down; there is only one default route, to the WAN interface.

srajeswaran

In the traffic logs, do you see any reason for the traffic drop? Can you share any instance of the dropped traffic log?

Regards,
Suraj
Superpacket

I just checked the logs, and no drops were logged.

srajeswaran

I am not 100% sure if the DHCP route will show under static routes. Can you collect "get router info routing-table all" during the problem state, just to be 100% sure?

Regards,
Suraj
hbac
Staff

Hi @Superpacket,

When using DHCP, it will automatically retrieve a default route from the DHCP server as well, and that default route has an administrative distance of 5 by default (this route will not show up in the GUI).

You can disable it on the FortiGate GUI > Network > Interface > interface 5 > Disable "Retrieve default gateway from server".

After that, you can configure policy routes and firewall policies to specific destinations to go through the new connection and test.

Regards,
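
The steps in the reply above expressed as FortiOS CLI, as an added example that is not part of the original post. The interface names `port1` (LAN side) and `port5`, the destination 203.0.113.0/24, the gateway 192.168.1.1 and the object and policy names are assumed placeholders; substitute the values from your own unit and the gateway the ISP router hands out.

```fortios
# Added example: all names and addresses below are placeholders.

# 1. Keep DHCP addressing on the second link, but stop the unit from
#    installing the DHCP-learned default route (distance 5).
#    This is the CLI counterpart of "Retrieve default gateway from server".
config system interface
    edit "port5"
        set mode dhcp
        set defaultgw disable
    next
end

# 2. Policy route: only traffic to the chosen destination leaves via port5.
config router policy
    edit 1
        set input-device "port1"
        set dst "203.0.113.0/255.255.255.0"
        set gateway 192.168.1.1
        set output-device "port5"
    next
end

# 3. Firewall policy scoped to that destination rather than "all",
#    so the second link does not become a general-purpose exit.
config firewall address
    edit "dst-via-private-link"
        set subnet 203.0.113.0 255.255.255.0
    next
end
config firewall policy
    edit 0
        set name "lan-to-private-link"
        set srcintf "port1"
        set dstintf "port5"
        set srcaddr "all"
        set dstaddr "dst-via-private-link"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end

# 4. Check the result: the only 0.0.0.0/0 entry should point at the WAN
#    interface, and the policy route should be listed.
get router info routing-table all
diagnose firewall proute list
```
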

Superpacket

Hi @hbac,

That solved the issue, thanks a lot.

Regards,

tanzo
New Contributor

I was planning for ER605, but sadly it doesn't have a gigabyte port, so speeds are capped at 100 Mbps, as other companies like Trendnet and Edgerouter aren't available in India and importing one will make it difficult to claim warranty in case anything happens.
