Hello!
I've the following situation on a customer's site:
How do I make this work? I've tried:
I'd appreciate it if anyone can point me in the right direction.
Greets.
What version of code are you using?
Are you wanting to load balance the outgoing traffic as well?
Mike Pruett
Thanks for replying!
The customer has 5.2.8, but can be upgraded to 5.4 (it's planned).
We're not trying to load balance, all outgoing connections will go through WAN_A. WAN_B is for incoming connections only (SSL_VPN and some virtual ips).
Ahh ok, I read the original title as you have a dual WAN setup but it wasn't load balancing lol.
Now I see that you were saying that you don't want the typical deployment. My bad...it's a Monday morning.
The routes you are configuring (policy based ones) would be for traffic going outbound. Not return traffic for incoming listeners.
If you remove the policy route and the default route relating to WANB does it try to go back out the WANA interface when responding? (asynchronous route?)
Mike Pruett
It shouldn't, as the session is opened from incoming traffic, and in the session table there's a field for the corresponding interface.
ede_pfau wrote: It shouldn't, as the session is opened from incoming traffic, and in the session table there's a field for the corresponding interface.
Yes, I believe it's correct for the session table. But nowhere on this router's configuration is an entry for the default gateway for "ISP_B". Even when it knows that the connection came from "port4" (WAN_B), it doesn't know where to send it.
Do you know where these external connections will be coming from? Certain public subnets etc?
Mike Pruett
MikePruett wrote: Do you know where these external connections will be coming from? Certain public subnets etc?
Nope, if that were the case I'd use static routes :(
Try to set the same distance for both default gateways (a and b) but different priorities.
Priority field is hidden by default in the GUI.
The higher the priority number, the less likely the route is to be selected over others. The default is 0.
This way you can connect to both IPs from the outside, but only one WAN interface will be used for outgoing traffic. And if the primary WAN interface goes down, traffic will be routed out of the 2nd WAN interface.
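The suggestion above written out as FortiOS CLI, as an added example that is not taken from any poster's configuration. It assumes WAN_A is on "port3" (the thread only names "port4" for WAN_B), and the gateway addresses and the priority value 10 are constructed placeholders.

```fortios
# Two default routes with equal distance, so both are installed in the
# routing table and replies to sessions that arrived on port4 (WAN_B)
# have a gateway to leave through.
config router static
    edit 1
        # WAN_A: assumed interface name, placeholder gateway
        set device "port3"
        set gateway 198.51.100.1
        set distance 10
        # lowest priority number wins: all outgoing traffic uses WAN_A
        set priority 0
    next
    edit 2
        # WAN_B: incoming SSL VPN and virtual IPs only
        set device "port4"
        set gateway 203.0.113.1
        # same distance as route 1, otherwise this route is not installed
        set distance 10
        # higher number = less preferred for outgoing traffic
        set priority 10
    next
end

# Check that both default routes are active
get router info routing-table all
```

Outbound firewall policies should still reference only the WAN_A interface, so nothing is permitted out of WAN_B other than replies and failover traffic that is explicitly allowed.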
Hello,
Have you found what is causing it? I'm having the same.