So my ISP has provided me IP address configurations as follows
IP address: 111.444.888.xxx
Subnet mask: 255.255.255.xxx
Default gateway: 111.44.888.XX1
DNS: 183.456.789.XXX
Now if I enter these settings on my laptop the internet works fine My question is how can I add this on fortigate? I already have 2 ISP connections on SD-WAN connected with fortigate with ISP routers using DHCP. What I did is I created WAN interface, added the IP manually, created another SD-WAN zone configured default gateway and set static route 0.0.0.0/0.0.0.0 with the interface of the new sd wan zone. But still the internet is not working.
My question is:
Where do I have to add the DNS details ?
Hi @zainnykaz ,
- you can manually specify the DNS servers under Network > DNS. You can add upto 2 DNS servers at a time:
https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/960561/fortigate-dns-server
- Regarding the Internet not working if you are other 2 interfaces are getting DHCP ip from ISP, they also receive the route with distance 5. And Can you please check the static route you have created for that the default AD is 10 so that could be the reason it is not working.
- Please share the output of following:
get router info routing table details 0.0.0.0
will it effect my other ISP connections ? Also have I configured the Static ISP IP correctly ? or is there any other way also ?
Hi @zainnykaz ,
- It won't affect the other ISP, but new sessions will go through new Interface and existing sessions will not be affected. other way to set IP is through CLI:
https://help.fortinet.com/fdb/5-0-0/html/source/tasks/t_network_configuration_cli.html
- regarding the static IP you can double check with the ISP and what they provide the same you can use in the FortiGate interface configuration.
Hi @zainnykaz,
By default, default routes of dynamic wan interfaces have administrative distance of 5 and if your new static route has a higher administrative distance, it is not gonna work. Please refer to https://community.fortinet.com/t5/FortiGate/Technical-Note-Routing-behavior-depending-on-distance-an...
Administrative distances should be the same for all wan interfaces to work.
Regards,
Hi @zainnykaz
I believed your issue are related to Administrative Distance [AD], since your 2 of your ISP are using DHCP and it will use AD of 5. Since you have 3rd ISP and its static, by default fortigate will create AD of 10, you just need to change the AD of your 3rd ISP to be 5 so it will be install on the routing table.
Please verify again your routing table.
Alwis
I would like to agree with everyone stating this is an Administrative Distance issue. Check your routing table in the CLI with "get router info routing-table all" and you'll see your routes along with their respective AD.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.