New Contributor

connecting 2 different LANs through the same WAN1

Please help, I have a situation I cannot seem to understand how to get around. I am very new to firewalls, let alone FortiGate. I am able to route to the internet through the LAN2 IP. I need to set up another LAN4 IP to route to the internet through the same WAN1.

Honored Contributor

More information is needed. What Fortigate model and firmware is running on it?


Is LAN2 also the name of the interface (that is assigned  Likewise is LAN4 the name of the interface (that is assigned


Are you using routing policies or do you actually have firewall policy rules in place directed from LAN2 -> WAN1? If firewall policy rules, then all you may need to do is create policy rules from LAN4 to WAN1.








NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C


Fortigate 81E, Firmware v6.0.9 build0335 (GA). LAN2 is my interface to a router; I have configured a static route from that interface to wan1 and it works fine. LAN4 has been configured with an IP which belongs to a Cisco switch, and I cannot seem to get access to the internet. Both LAN2 and LAN4 have different names. I have a firewall policy directing from LAN2 to WAN1. Yes, I have the firewall policy rule from LAN4 to WAN1. I can ping from a PC connected to the switch but still no internet from the switch. I cannot ping, or ping any of the other PCs on the router.

Thank you very much for your help.


1- there is nothing special with using one WAN interface from several local subnets, even on different ports. You often have LAN and DMZ subnets, both on different ports, and communicating to the internet via WAN port.

2- in order to send and receive traffic from WAN to LAN you need

a default route (there is only ONE per Fortigate)

a policy from LAN to WAN with NAT checked (!!)


and this of course for both LAN2 and LAN4.

3- if you can ping a public server but cannot surf, you probably have a DNS problem. You need to create a DNS on each LAN, you can do that for all and any ports on a FGT. Usually, this DNS forwards to the 'system DNS' which the FGT uses, often the provider's DNS.

4- if you want your PCs to get the correct DNS address, IP address and default route, configure them using DHCP. You can create one DHCP server per interface.


To check for a DNS problem: on a Windows command line (cmd.exe), type "ping" or "ping". If the latter succeeds while the first does not, your PC can't resolve names, thus has no DNS.

Ede Kernel panic: Aiee, killing interrupt handler!
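The four points in the answer above, written out as a FortiOS CLI sketch. This is an added example, not configuration posted by anyone in the thread; the interface names `lan4` and `wan1`, the object and policy names, and every IP address are constructed placeholders to replace with your own.

```fortios
# Constructed example: all names and addresses below are placeholders.
# 1) Default route via wan1 (skip if one already exists, e.g. LAN2 already works).
config router static
    edit 0
        set gateway 203.0.113.1
        set device "wan1"
    next
end
# 2) Outbound policy for lan4, scoped to its own subnet, with NAT enabled.
config firewall address
    edit "lan4-subnet"
        set subnet 192.168.4.0 255.255.255.0
    next
end
config firewall policy
    edit 0
        set name "lan4-to-wan1"
        set srcintf "lan4"
        set dstintf "wan1"
        set srcaddr "lan4-subnet"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
# 3) DNS service on lan4 that forwards queries to the system DNS.
config system dns-server
    edit "lan4"
        set mode forward-only
    next
end
# 4) DHCP on lan4 handing out address, gateway and the FortiGate as DNS server.
config system dhcp server
    edit 0
        set interface "lan4"
        set default-gateway 192.168.4.1
        set netmask 255.255.255.0
        set dns-service local
        config ip-range
            edit 1
                set start-ip 192.168.4.100
                set end-ip 192.168.4.200
            next
        end
    next
end
```

Restricting `srcaddr` to the LAN4 subnet instead of `all`, and `service` to the protocols actually needed, keeps the new policy from permitting more than the second LAN requires.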

Thank you again!!! That was very helpful pointing me to right direction. I fixed the DNS issue, everything is working as it should. 

New Contributor

If you can route your traffic from (lan2) to wan1, you should already have a default route to wan1.

Can you share your config (routes and relevant policies)?


Also good to know -> traffic debugging:

diag sniffer

diag flow filter



