I am prepping a new Fortigate 240 running 5.2.9 to be installed. I have two WAN links. One is primary incoming with a public IP and outgoing web. The second is mostly for VoIP and redundancy. I set up a WLLB with the two interfaces. I am now trying to set up policies. I have 1-2 rules that I want to do source (IP / domain) filtering on with a Virtual IP NAT to an internal server from WAN1. In the address object setup you cannot choose the interface wan-load-balance, only wan1 / wan2 or any. I know the traffic will come in on WAN1 since that is where the public IP is. Then when I create the policy I must choose an incoming interface of wan-load-balance since wan1 / wan2 aren't available in the drop-down. When I do this, however, it removes the address I created for wan1 from the drop-down list of source addresses?
Since I am using WLLB with the two WAN interfaces, do I need to choose "any" as the interface for the address object? Is there something I am missing here?
I just want to make sure I am load balancing outgoing traffic while maintaining correct policy routing for public IP -> Internal IP server.
Thanks.
Technically, if you enabled WAN LLB, once you create a rule/policy from internal to internet you can't choose either WAN1 or WAN2; it's always internal to WAN LLB. The same applies if you create a rule/policy for incoming traffic where you have a Virtual IP enabled: WAN LLB to internal.
Now if you wish some of your internal computers to use WAN1 or WAN2, then you can use a Policy Based Route (PBR) rule.
Fortigate Newbie
Thanks for the reply. I ended up setting the objects to any rather than WAN1 and that seems to have worked. It just wasn't logical to me since I know inbound traffic to servers will only be on WAN1 due to the IP address in DNS.
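As an added example (not from this thread, and not Fortinet's own documentation), a FortiOS 5.2-style CLI rendering of what the answer and the follow-up describe: an address object with no associated interface (the GUI's "any"), an inbound VIP policy and an outbound policy that both reference the wan-load-balance interface, and a policy route pinning one internal subnet to wan2. Object names, subnets, the public IP and the gateway are placeholder assumptions, and exact keyword syntax varies between FortiOS releases.

```fortios
# Added example: placeholder names, subnets and gateways (assumed, not from the thread)
# Address object: leave associated-interface unset (GUI "any") so the object stays
# selectable in a policy whose incoming interface is wan-load-balance
config firewall address
    edit "partner-src"
        set subnet 192.0.2.0 255.255.255.0
    next
end
# Virtual IP for the public address that DNS resolves to on wan1 (assumed addresses)
config firewall vip
    edit "web-vip"
        set extip 203.0.113.10
        set extintf "any"
        set mappedip 10.0.0.10
    next
end
config firewall policy
    # Inbound: source-filtered VIP policy; incoming interface is the LLB interface, not wan1
    edit 10
        set srcintf "wan-load-balance"
        set dstintf "internal"
        set srcaddr "partner-src"
        set dstaddr "web-vip"
        set action accept
        set schedule "always"
        set service "HTTPS"
    next
    # Outbound: load balanced across both LLB members
    edit 11
        set srcintf "internal"
        set dstintf "wan-load-balance"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
# Policy route pinning the VoIP subnet to wan2 (assumed subnet and next hop)
config router policy
    edit 1
        set input-device "internal"
        set src 10.0.10.0 255.255.255.0
        set gateway 198.51.100.1
        set output-device "wan2"
    next
end
```

Policy routes are consulted before the LLB distribution, so a matching route (here, the VoIP subnet) overrides the balancing for that traffic only; everything else still follows the outbound LLB policy.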