Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Ali_Jassim
New Contributor III

Created on ‎02-02-2016 12:37 AM

fortigate 200D - I want more WAN ports !

fortigate 200D - I want more WAN ports ! Greetings to you My OS is 5.2.3 As you know in fortigate 200D there is only 2 WAN Ports [&:] ! what if you need more WANS ports ? I tried to use port1 as WAN port, but the traffic not going through it , If I change the administrative distance of it to lower Number traffic will going through port 1 , but ! I don't want to change administrative distance I want Port1 works as WAN port with default  administrative distance SAME Port WAN1 , so if I create a policy with outgoing interface port1 it should go through port1 without any problem without any changing of administrative distance with default  value Please this is very important for me because I have 6 Links for ISP I need to connect it to Fortigate as WAN Ports attached

Thank you for your time and for you advice

6859
0 Kudos
7 REPLIES 7
emnoc
Esteemed Contributor III

Created on ‎02-02-2016 02:26 AM

Any port can be used as a wan port. What are your route set for and have you looked at ECMP and virtual wan link. Both are clearly described in  the cookbook and and fortinet videos

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
2994
0 Kudos
Ali_Jassim
New Contributor III
In response to emnoc

Created on ‎02-02-2016 04:38 AM

emnoc wrote:

Any port can be used as a wan port. What are your route set for and have you looked at ECMP and virtual wan link. Both are clearly described in  the cookbook and and fortinet videos

Dear emnoc,

This is not what I mean or I need, Links balancing is different from what I need :)  , Imagine that with me, if I want to connect new link to foritgate and no ports WAN are free , so the only choice is using port1 or any port from port switch

i DON'T Want to use link balancing, I need individual link and use it for something. I hope you understand me

some time you don't need to use link balancing because YOUR NEEDS Is in different situation

 

Yours Sincerely

 

 

2994
0 Kudos
ede_pfau
SuperUser
SuperUser
In response to Ali_Jassim

Created on ‎02-02-2016 05:04 AM

Any port can be used as a wan port.
That's the major part of the answer to your question.

 

 

In your post you've talked about routing and route weights. One hint here: there can only be ONE default route per system (that is, Fortigate or VDOM). If you need a second default route then you might have to resort to Policy Routing determined by the source addresses.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
2994
0 Kudos
a_rasheed
New Contributor
In response to ede_pfau

Created on ‎02-02-2016 05:21 AM

Hi

how to block Facebook and YouTube Apps in android by web filter (fortigate 60D)

 

thanks

 

2994
0 Kudos
Ali_Jassim
New Contributor III
In response to ede_pfau

Created on ‎02-02-2016 05:38 AM

ede_pfau wrote:

Any port can be used as a wan port.
That's the major part of the answer to your question.

 

 

In your post you've talked about routing and route weights. One hint here: there can only be ONE default route per system (that is, Fortigate or VDOM). If you need a second default route then you might have to resort to Policy Routing determined by the source addresses.

Dear ede_pfau

Thank you .. I'll tell you something we have fortigate 3240c and I create 3 default route for Each ISP without using policy route and it's works perfectly ..

 

right now i'm with this new firewall 200d , I'm not able to make port1 work as WAN port without change AD or add policy route simply Port1 should works as WAN 1

so All what I need is create policy then select incoming int LAN and outgoing int Port1 and Allow NAT ! and boom

should works normally like a WAN Link 

 

 

 

2994
0 Kudos
emnoc
Esteemed Contributor III
In response to Ali_Jassim

Created on ‎02-02-2016 06:20 AM

I'll tell you something we have fortigate 3240c and I create 3 default route for Each ISP without using policy route and it's works perfectly

 

Baloney,  if you have 3 default routes per isp 0.0.0.0/0  than you have  ECMP or something else. What 's does the route  table on the FGT3240Cs look like.

 

Any port can be use for a wan interface to including a DMZ interface.

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
2994
0 Kudos
rwpatterson
Valued Contributor III
In response to emnoc

Created on ‎02-02-2016 06:57 AM

Try telling the Fortigate that the port is an outside interface. It's a CLI option under the interface settings.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
2994
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.