fortigate 200D - I want more WAN ports !

Ali_Jassim · ‎02-02-2016

fortigate 200D - I want more WAN ports ! Greetings to you My OS is 5.2.3 As you know in fortigate 200D there is only 2 WAN Ports [&:] ! what if you need more WANS ports ? I tried to use port1 as WAN port, but the traffic not going through it , If I change the administrative distance of it to lower Number traffic will going through port 1 , but ! I don't want to change administrative distance I want Port1 works as WAN port with default administrative distance SAME Port WAN1 , so if I create a policy with outgoing interface port1 it should go through port1 without any problem without any changing of administrative distance with default value Please this is very important for me because I have 6 Links for ISP I need to connect it to Fortigate as WAN Ports attached

Thank you for your time and for you advice

emnoc · ‎02-02-2016

Any port can be used as a wan port. What are your route set for and have you looked at ECMP and virtual wan link. Both are clearly described in the cookbook and and fortinet videos

PCNSE

NSE

StrongSwan

Ali_Jassim · ‎02-02-2016

emnoc wrote:
Any port can be used as a wan port. What are your route set for and have you looked at ECMP and virtual wan link. Both are clearly described in the cookbook and and fortinet videos

Dear emnoc,

This is not what I mean or I need, Links balancing is different from what I need :) , Imagine that with me, if I want to connect new link to foritgate and no ports WAN are free , so the only choice is using port1 or any port from port switch

i DON'T Want to use link balancing, I need individual link and use it for something. I hope you understand me

some time you don't need to use link balancing because YOUR NEEDS Is in different situation

Yours Sincerely

ede_pfau · ‎02-02-2016

Any port can be used as a wan port.

That's the major part of the answer to your question.

In your post you've talked about routing and route weights. One hint here: there can only be ONE default route per system (that is, Fortigate or VDOM). If you need a second default route then you might have to resort to Policy Routing determined by the source addresses.

Ede

"Kernel panic: Aiee, killing interrupt handler!"

a_rasheed · ‎02-02-2016

Hi

how to block Facebook and YouTube Apps in android by web filter (fortigate 60D)

thanks

Ali_Jassim · ‎02-02-2016

ede_pfau wrote:
Any port can be used as a wan port.
That's the major part of the answer to your question.

In your post you've talked about routing and route weights. One hint here: there can only be ONE default route per system (that is, Fortigate or VDOM). If you need a second default route then you might have to resort to Policy Routing determined by the source addresses.

Dear ede_pfau

Thank you .. I'll tell you something we have fortigate 3240c and I create 3 default route for Each ISP without using policy route and it's works perfectly ..

right now i'm with this new firewall 200d , I'm not able to make port1 work as WAN port without change AD or add policy route simply Port1 should works as WAN 1

so All what I need is create policy then select incoming int LAN and outgoing int Port1 and Allow NAT ! and boom

should works normally like a WAN Link

emnoc · ‎02-02-2016

I'll tell you something we have fortigate 3240c and I create 3 default route for Each ISP without using policy route and it's works perfectly

Baloney, if you have 3 default routes per isp 0.0.0.0/0 than you have ECMP or something else. What 's does the route table on the FGT3240Cs look like.

Any port can be use for a wan interface to including a DMZ interface.

PCNSE

NSE

StrongSwan

rwpatterson · ‎02-02-2016

Try telling the Fortigate that the port is an outside interface. It's a CLI option under the interface settings.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com