youssefabdalla
New Contributor II

WAN interface policies

Hello,

I am a beginner with Fortinet and I want to understand its behavior, because it is not clear to me.

I have 2 WAN interfaces configured separately,

and I have 2 static routes, one to each, with the same distance and the same priority, to be used simultaneously.

I know that rules will be processed from top to bottom,

but what about the interface view: will it be impacted or not?

example

interface 1

10 source 10.10.10.10 to any 

20 source any to any

interface 2

30 source 20.20.20.20 to any

40 source 10.10.10.10 to any

 

So for source 10.10.10.10, will it go only through destination interface 1, or will it load balance between both?

For 20.20.20.20, will it go to interface 2 only, as it is more specific?

Does the order of interfaces in the view have an impact on rule processing or not? And can the order of interfaces be changed in the view or not?

so if rules

Potato
New Contributor III

For the same destination + netmask bits, same distance, and same priority, ECMP will be enabled and will "load balance".

But anyone who works with FortiGate would never configure the routes this way.

You should have SD-WAN and put all your WAN links inside that zone,

then use SD-WAN rules to separate/decide which source uses which WAN link.

And you need only one static route for 0.0.0.0/0, using SD-WAN as the only outgoing interface.

For the policy, just configure LAN to SD-WAN with sources 10.10.10.10 and 20.20.20.20 to any, allowed.

rmreddy
Staff

Hi,

As both interfaces have the same AD and priority, both routes will be active in the kernel.
So traffic will route to any of the interfaces. I suggest you configure a policy route for specific sources if you want to route the traffic to a specific WAN interface; however, if the interface/ISP goes down, the traffic will be denied if there is no policy with the other ISP/interface.
You can also configure SD-WAN, where load balancing will happen between the two interfaces, and you can configure an SD-WAN rule to prioritize traffic to a specific ISP/interface.

youssefabdalla

Thanks, PBR will do the job for me, as the requirement is not to do traffic load balancing, but to do PBR and failover for the WAN links.

But

I have one question: what if I have two PBRs for the same source to the 2 WAN links?

Will it do load balancing between both, or will it only match the first rule based on priority?

Potato

The first hit, the first go. It follows the policy order from top to bottom.

But, a question here.

How can you monitor the WAN link status by pinging somewhere if you use PBR?

Tip: link-monitor
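
The first-match behaviour described in the last reply, as an added example that is not part of the thread and is not FortiOS code: a simplified Python model of top-down policy-route selection over a constructed table for the sources in the question. It assumes a link monitor supplies per-interface up/down state and that an entry whose link is down is skipped; the interface names `wan1`/`wan2` and all function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class PolicyRoute:
    seq: int      # position in the table (evaluated top to bottom)
    src: str      # source prefix the entry matches
    out_if: str   # outgoing WAN interface (hypothetical name)


# Constructed table: two entries for the same source, one per WAN link.
ROUTES = [
    PolicyRoute(1, "10.10.10.10/32", "wan1"),
    PolicyRoute(2, "10.10.10.10/32", "wan2"),
    PolicyRoute(3, "20.20.20.20/32", "wan2"),
]


def select_route(routes, src_ip, link_up):
    """Return the first entry, in table order, that matches src_ip and
    whose outgoing link is reported up; None if nothing matches."""
    addr = ipaddress.ip_address(src_ip)
    for route in sorted(routes, key=lambda r: r.seq):
        if addr not in ipaddress.ip_network(route.src):
            continue
        # Assumption: link state comes from a monitor (e.g. ping probes);
        # an entry pointing at a down link is skipped, not matched.
        if not link_up.get(route.out_if, False):
            continue
        return route  # first hit wins: no balancing across later entries
    return None


def egress(src_ip, link_up):
    """Interface chosen for src_ip, or None (fall back to normal routing)."""
    route = select_route(ROUTES, src_ip, link_up)
    return route.out_if if route else None


if __name__ == "__main__":
    both_up = {"wan1": True, "wan2": True}
    wan1_down = {"wan1": False, "wan2": True}
    for state in (both_up, wan1_down):
        for src in ("10.10.10.10", "20.20.20.20", "30.30.30.30"):
            print(state, src, "->", egress(src, state))
```

Without the link-state check, entry 1 would keep matching 10.10.10.10 while `wan1` is down, which is the monitoring gap the last reply points at.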

 

 
