Ok, so now I'm going to join the "How do I make WAN2 work" (basically) crowd. Let me pre-apologize for the length of this post, I'm just trying to be as thorough as possible.
Current setup:
WAN1, Cable ISP, Static IP address, everything works great for 2+ years, VIPs get routed, etc.
WAN2, DSL ISP, Static IP address, just got turned on today (verified via my laptop configured with static IP info and plugged directly into the DSL modem).
Now I know I need to do configuring with policy routing and probably some more configuration, but I did set up a VIP pointing from one of the static DSL IP addresses to a virtual Linux server (when the VIP points to one of my static cable IPs, it works), and tried to FTP into it from my remote network in California (I'm based out of Hawaii) - it fails.
So I need to know where I went wrong basically.
Here is what the master plan is for the dual wan setup: keep all traffic incoming and outgoing on the cable modem, however, in the event of a cable outage, re-route all traffic to the DSL line.
I know I have to recreate the cable VIP setup on the DSL side, and create new public DNS entries for failover duties so e-mail keeps flowing.
So here is what I have configured so far:
System -> Network -> wan1 (CABLE):
Manual address mode; IP/Netmask: 67.52.67.90/255.255.255.248; Admin access=Ping; Administrative status=Up
System -> Network -> wan2 (DSL):
Manual address mode; IP/Netmask: 72.253.160.96/255.255.255.0; Admin access=Ping; Administrative access=Up
System -> Network -> Options -> DNS Settings: I run my own DNS servers (and they forward to OpenDNS), but I have the DNS from my cable ISP entered, and I have enabled DNS forwarding from "internal". Dead gateway detection is set to 5 seconds and 5 pings.
System -> Config -> Operation = NAT (obviously? lol)
Router -> Static -> Static Route: IP/Mask is set to 0.0.0.0/0.0.0.0 on all 4 entries.
Gateways are (in order top to bottom):
192.168.10.1 wan1 distance=10
67.52.67.89 wan1 distance=1
72.253.160.1 wan2 distance=3
192.168.10.1 wan2 distance=10
I have NO policy routes set (yet?). I have also configured NOTHING in Router -> Dynamic.
Under Firewall -> Policy I have the following:
internal(LAN) -> wan1(CABLE): source/destination=all, service=any, schedule=always, action=accept.
internal(LAN) -> wan2(DSL): source/destination=all, service=any, schedule=always, action=accept.
I have duplicated 2 VIPs from the cable side of things to the DSL side of things as well, and when I hit the public DSL IP from behind the FortiGate, it forwards it to the appropriate LAN IP (my virtual Linux server), yet when I attempt to hit our Linux website via one of my remote computers, it just times out.
Clues to what I did wrong? I've been reading the routing forum for the past week trying to make sense of all this before I even had the DSL turned on. The forticare docs weren't much help either :(
Help me Obi-Wan Kenobis! :p
Rick Payton, IT Support
Morikawa & Associates
http://www.mai-hawaii.com/
FortiGate-60 build 726 (retired)
FortiGate-60B v4.0 build 328 MR2 Patch 8
FortiAnalyzer-100B v4.0 build 513 MR3
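As an added example that is not part of the post above (and not Fortinet code): a short Python sanity check over the static routes exactly as listed, which flags any default-route gateway that does not sit inside the configured subnet of its interface, and picks the lowest-distance route among the gateways that dead gateway detection still considers alive. The set of alive gateways is an assumed input; the interface addresses and routes are transcribed from the post.

```python
import ipaddress

# Interface addresses as given under System -> Network (transcribed from the post).
INTERFACES = {
    "wan1": ipaddress.ip_interface("67.52.67.90/255.255.255.248"),
    "wan2": ipaddress.ip_interface("72.253.160.96/255.255.255.0"),
}

# Default-route candidates as (device, gateway, distance), in the order listed
# under Router -> Static; all four have destination 0.0.0.0/0.0.0.0.
STATIC_ROUTES = [
    ("wan1", "192.168.10.1", 10),
    ("wan1", "67.52.67.89", 1),
    ("wan2", "72.253.160.1", 3),
    ("wan2", "192.168.10.1", 10),
]


def gateway_on_link(device, gateway):
    """True if the gateway address lies inside the interface's own subnet."""
    return ipaddress.ip_address(gateway) in INTERFACES[device].network


def check_routes(routes=STATIC_ROUTES):
    """Return every route whose gateway is not directly reachable on its interface.

    A next hop outside the interface subnet can never be ARP-resolved on that
    link, so such a route is dead configuration and worth reviewing.
    """
    return [r for r in routes if not gateway_on_link(r[0], r[1])]


def active_default_route(alive, routes=STATIC_ROUTES):
    """Pick the usable default route with the lowest administrative distance.

    `alive` is the set of gateway addresses that dead gateway detection
    currently considers reachable (assumed input); off-link gateways and
    gateways not in `alive` are skipped. Returns None when nothing is usable.
    """
    usable = [r for r in routes if r[1] in alive and gateway_on_link(r[0], r[1])]
    if not usable:
        return None
    return min(usable, key=lambda r: r[2])


if __name__ == "__main__":
    print("off-link routes:", check_routes())
    print("both ISPs up:   ", active_default_route({"67.52.67.89", "72.253.160.1"}))
    print("cable down:     ", active_default_route({"72.253.160.1"}))
```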