- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- how can i configure load ballancing between inter...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Not applicable
Created on 04-08-2008 08:41 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
how can i configure load ballancing between interfaces?
Hi everyone,
i' ve got fortigate 60 firewall in my office and thre are 3 adsl modems connected to it via dmz, wan1 and wan2.
i just simply want some users or user groups access to internet via certain interfaces. let' s say that restricted user groups should access internet on wan1, free user groups or user should access internet via dmz or wan2...
i' ve tried almost everyting but fortigate always balancing users between interfaces randomly. one day i access internet via dmz but other day via wan1 or wan2.
what must i do to access internet always via same interface?
any help would be greatly appreciated...
14 REPLIES 14
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Welcome to the forums
What you should look towards is policy routing under ' Router > Static' . If you are able to split up the source traffic by subnet, interface (or any group the FGT can recognize), then you can ' bend' that traffic down and out any pipe you choose. Have a look at it, and give it a whirl.
Good luck
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Not applicable
Created on 04-09-2008 12:18 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for your quick response rwpatterson,
i believe i can make it by policy route. but it seems kinda complicated. i' m working on it. i' ll post the further information.
Not applicable
Created on 04-10-2008 02:21 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi again Bob,
i' ve added some policr routes, it worked fine till now. i can force port based web traffic on certain interfaces. it' s ok for now (which i actually want to force traffic based on ip addresses or subnets anyway).
but there' s another situation happened when i added policy route.
let me draw the picture: my company has 3 seperated buildings which connected to each other via frame relay connection. cisco routers connects 3 offices. our 3 subnets are like 192.168.0.0, 192.168.1.0 and 192.168.3.0.
in this case i' ve got a static route in fortinet for internal connections (forcing lan connections to cisco router).
since i added to policy route to force internet traffic, my internal static route doesn' t work anymore..
any suggestions??
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You have a very complicated setup it seems.
Where is the Fortigate in relation to the Ciscos?
Do the Ciscos simply terminate the serial ports, or are they routing as well?
What firmware version are you currently running?
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Not applicable
Created on 04-10-2008 06:36 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Firmware version is 3.00,build8448,070409
let me explain how are ciscos way of work.
we' ve got a main headquarter, other branch offices connecting main headquarter via frame relay connection by routing cisco routers. but branch offices doesn' t communicate by eacy other. i' ve got a static route which routes any single internal lan requests to the cisco router, than cisco router routes every lan requests to main headquarter.
in this scenario my main problem is static route policy doesn' t work anymore if i add any policy based route. this means branch offices can' t connect to the main headquarter. if i delete policy route everything is ok.
i hope i could make it more clear for you.
thank you for your interest by the way.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Does it look like the following:
Site C
Cisco
|
|
main site Cisco-----FGT 60-----Internet
|
|
Site B
Cisco
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Not applicable
Created on 04-10-2008 06:54 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
it looks like:
site C FGT60---- internet
Cisco
|
|
(Cisco) main site FGT60---- internet
|
|
Site B Cisco FGT60---- internet
every office have it' s own FGT60.
we don' t use AD by the way...
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OK, now that I have your complicated picture, tell me again how you are trying to split up traffic? Also, if you have Internet at each site, why bother with the Ciscos? The Fortigates are more than able to terminate the LAN and WAN connections without the added maintenance and overhead of the Ciscos...
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Not applicable
Created on 04-10-2008 07:25 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
we use ciscos because every branch office must communicate with main headquarter. we' ve got several terminal servers and all of them located in main headquarter, branch offices using a software which installed on terminal servers. that' s why we need routers...
basicly i' ve added a policy route which force every traffic to dmz for every ports (i' m just trying to understand route policy, that' s why i made a policy like that) and it worked fine. but what i needed most is force ip blocks or subnets to certain interfaces, we' ll solve it later i believe..
but the problem is as you knew my static route doesn' t worke anymore if i add any policy route. how can i keep working all of my routes at the same time? or why my static route stop working if i add any policy route?
Related Posts
- FortiManager Import Configuration Address Object interface... 44 Views
- Fortigate 7.2 SDWAN + ADVPN 145 Views
- Connecting Two SIP Trunks with Different... 233 Views
- SSL-OffLoading (HTTP --> HTTPS) 355 Views
- Change of Fortiswitch Topology - Ring... 224 Views
Labels
-
FortiGate
6,450 -
FortiClient
1,287 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
411 -
5.6
362 -
FortiSwitch
331 -
FortiAP
327 -
FortiClient EMS
259 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
148 -
6.4
128 -
FortiNAC
103 -
FortiGuard
102 -
FortiGateCloud
86 -
FortiSIEM
85 -
FortiCloud Products
82 -
FortiToken
69 -
Customer Service
69 -
IPsec
66 -
4.0MR3
64 -
Wireless Controller
58 -
SSL-VPN
54 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
38 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
30 -
FortiSwitch v6.4
28 -
FortiConnect
23 -
SD-WAN
23 -
FortiWAN
22 -
FortiConverter
21 -
High Availability
20 -
Firewall policy
20 -
VLAN
18 -
FortiPortal
17 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
ZTNA
15 -
FortiMonitor
14 -
Certificate
14 -
FortiDDoS
13 -
Routing
12 -
FortiCASB
12 -
SAML
11 -
DNS
11 -
Interface
11 -
BGP
10 -
FortiGate v5.0
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
Logging
9 -
RADIUS
8 -
Traffic shaping
8 -
Virtual IP
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
NAT
7 -
FortiAuthenticator
7 -
Admin
7 -
FortiGate v4.0 MR3
7 -
4.0
7 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
SSID
5 -
Security profile
5 -
Traffic shaping policy
5 -
Authentication
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
Static route
5 -
FortiManager v4.0
5 -
FortiDirector
4 -
SSL SSH inspection
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
packet capture
3 -
FortiToken Cloud
3 -
Automation
3 -
Intrusion prevention
3 -
DoS policy
3 -
FortiTester
3 -
Port policy
3 -
FortiDB
3 -
IPS signature
3 -
FortiDeceptor
2 -
FortiInsight
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
Web profile
2 -
FortiAP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
NAC policy
1 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
Application signature
1 -
Authentication rule and scheme
1 -
Multicast routing
1 -
Zone
1 -
FortiManager-VM
1 -
Fabric connector
1 -
Internet Service Database
1 -
Fortinet Engage Partner Program
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.