I have owned a FireGate 60D for one month and am still learning its features, so I turn to you for help in solving what is probably a simple task - properly configuring two WAN ports.
I have two ISPs with static IPs and would like to implement one of the following scenarios.
Scenario 1:
- All HTTPS traffic goes through WAN1,
- All other traffic goes through WAN2,
- When WAN1 (WAN2) goes down, all traffic goes through WAN2 (WAN1).

Scenario 2:
- All traffic goes through WAN1,
- External access via WAN2 (WAN2 -> internal LAN),
- When WAN1 goes down, all traffic goes through WAN2.
Can you simply describe to me the differences between WAN Link Load Balancing (System -> Network -> WAN Link Load Balancing) and the ECMP Load Balancing Method (Router -> Settings)?
I would be very grateful for any guidance.
First you need to add default routes - one for each WAN link. Depending on whether you need incoming services on both WAN links (e.g. 1:1 NAT, Port Forward), you will need to have distance equal on both default routes; priority will determine preference for outbound traffic. If you don't require incoming services on both links, set a shorter distance for the preferred link and/or the link where general traffic will egress.
Use policy routing to bend specific egress traffic through a particular link - e.g.
wan1 - general traffic - distance 10 / priority 0
wan2 - http/https - distance 20 / priority 0 - policy route: src net -> all, type: 6, port http/https, gateway wan2
... do not set a specific gateway address if fail-over is required, i.e. use 0.0.0.0
Otherwise use load-balancing with the same distance and priority for both links
Create policies to allow traffic and assign security profiles
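The equal-distance variant described in the reply above, written out as FortiOS CLI. This is an added example, not configuration posted by anyone in the thread. The gateway addresses are constructed placeholders, the LAN interface name "internal" and the priority value 10 on wan2 are assumptions, and exact syntax can differ between FortiOS versions.

```fortios
# Two default routes with equal distance, so both stay in the routing table.
# The lower priority value is preferred for general outbound traffic (wan1 here).
config router static
    edit 1
        set device "wan1"
        set gateway 192.0.2.1        # placeholder: ISP 1 gateway
        set distance 10
        set priority 0
    next
    edit 2
        set device "wan2"
        set gateway 198.51.100.1     # placeholder: ISP 2 gateway
        set distance 10
        set priority 10              # assumed value; higher than wan1, so less preferred
    next
end

# Policy routes that bend TCP (protocol 6) ports 80 and 443 out of wan2.
# Source and destination are left at their defaults (any).
# Gateway 0.0.0.0 means no fixed next hop is pinned, as advised for fail-over.
config router policy
    edit 1
        set input-device "internal"  # assumed LAN interface name
        set protocol 6
        set start-port 80
        set end-port 80
        set output-device "wan2"
        set gateway 0.0.0.0
    next
    edit 2
        set input-device "internal"
        set protocol 6
        set start-port 443
        set end-port 443
        set output-device "wan2"
        set gateway 0.0.0.0
    next
end
```

Firewall policies from the LAN interface to both wan1 and wan2 are still required for the traffic to pass, as the last line of the reply says.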
Guys, thank you very much for all very useful tips and links. In addition, I found and read other explanations from Fortinet's database, and so far I was able to run two wan links in the fail-over configuration (the second scenario).
Can you explain to me precisely how to configure the device to get the first scenario? I cannot understand your following tips:
"src net -> all, type: 6, port http/https, gateway wan2
... do not set a specific gateway address if fail-over is required ie. use 0.0.0.0".
Do you mean the settings in Router -> Static -> Policy Routes?