Hi. I have a sourdough.
I received public addressing from the new ISP2 operator. So far I had one network (I have my AS in bgp).
I wanted to use the address from the new operator to access the Internet. Everything works, but I see that this implementation has its drawbacks when this link stops working:
above is a diagram of what it roughly looks like
So:
I have a fortigate that receives a default gateway from the edge router.
I redistribute my public SNAT ip addresses in ospf as static, adding the /32 prefix as blackhole - it works fine.
Due to the fact that I receive the default gw from the edge router, I decided that I will also connect the new ISP2 operator to the edge routers. I will distribute the addressing in OSPF as above for the old connection, and on the edge router I will make PBR: if the src ip is from ISP2, I will set the next hop to ISP2.
I did that and it works ok.
I.e. I have an IPPOOL, e.g. 190.10.10.10, on the fortigate - edge router connection, and I have an ip policy with a route map: if src 190.10.10.0/24, then next hop to isp2 - and it works.
However, if isp2 has a failure, I MUST MANUALLY CHANGE the ippool in the Internet policy to ISP1.
I have a workaround, but the question is: can it be automated?
I looked at sd-wan, I use it in my warehouse where I have 2 ISPs, but somehow I don't feel that it works well with OSPF, and it doesn't change the use of a specific IPPOOL SNAT.
I use many IPpools because practically every vlan goes to the Internet with its public address.
Can I create some IP SLA so that, if my ISP connection address does not match, the catch-all policy with ISP1's ippool is enabled?
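One way to automate the manual ippool switch asked about above, as an added example that is not from the post or from Fortinet: an external watchdog probes ISP2, applies hysteresis so a single lost probe does not flap the SNAT pool, and rewrites the `poolname` of the Internet policy through the FortiGate REST API. Assumptions: the FortiOS CMDB endpoint `PUT /api/v2/cmdb/firewall/policy/<policyid>` with a bearer API token, and all hostnames, pool names, policy IDs and probe targets are placeholders.

```python
import json
import socket
import ssl
import urllib.request

FAIL_THRESHOLD = 3     # consecutive failed probes before moving SNAT to the ISP1 pool
RECOVER_THRESHOLD = 5  # consecutive good probes before moving SNAT back to the ISP2 pool


class PoolFailover:
    """Hysteresis state machine: decides which IP pool the Internet policy should use."""

    def __init__(self, primary_pool, fallback_pool):
        self.primary_pool = primary_pool    # pool with ISP2 addresses (normal state)
        self.fallback_pool = fallback_pool  # pool with ISP1 addresses (ISP2 down)
        self.active = primary_pool
        self.fail_count = 0
        self.ok_count = 0

    def observe(self, probe_ok):
        """Feed one probe result; return the pool to apply now, or None if nothing changes."""
        if probe_ok:
            self.fail_count = 0
            self.ok_count += 1
            if self.active == self.fallback_pool and self.ok_count >= RECOVER_THRESHOLD:
                self.active, self.ok_count = self.primary_pool, 0
                return self.active
        else:
            self.ok_count = 0
            self.fail_count += 1
            if self.active == self.primary_pool and self.fail_count >= FAIL_THRESHOLD:
                self.active, self.fail_count = self.fallback_pool, 0
                return self.active
        return None


def tcp_probe(host, port=443, timeout=2.0):
    """IP-SLA style check: True if a TCP handshake to host:port completes via the ISP2 path."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def set_policy_pool(fgt_host, api_token, policyid, pool):
    """Assumption: FortiOS REST API; rewrites the policy's poolname with TLS verification kept on."""
    url = f"https://{fgt_host}/api/v2/cmdb/firewall/policy/{policyid}"
    body = json.dumps({"poolname": [{"name": pool}]}).encode()
    req = urllib.request.Request(url, data=body, method="PUT", headers={
        "Authorization": f"Bearer {api_token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req, context=ssl.create_default_context(), timeout=10) as resp:
        return json.load(resp).get("status") == "success"
```

A scheduler loop would call `tcp_probe` against a target reachable only via ISP2, pass the result to `observe`, and call `set_policy_pool` whenever a pool name is returned; the probe should be sourced from the ISP2-facing interface so OSPF default routing does not mask an ISP2 outage.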