DescriptionWAN load balance (volume based) and redundant Internet connections.
Solution1. Connecting ISPs to the FortiGate
Connect the ISP devices to the FortiGate so that the ISP which is to be used for most traffic is connected to WAN1 and the other connects to WAN2.
2. Deleting security policies and routes that use WAN1 or WAN2
An interface cannot be added to the WAN link interface if it is already used in the FortiGate’s configuration, so any policies or routes that use either WAN1 or WAN2 must first be deleted.
3. Creating a WAN link interface
Go to Network > WAN LLB.
Set WAN Load Balancing to Volume. This will distribute traffic based on volume of traffic measured in bytes.
Create new > Add WAN1 and WAN2 to the list of Interface Members, Status Enable, and set it to use the Gateway IP provided by the ISP.
Select Load Balance Algorithm > Volume > set Weight for WAN1 and WAN2.
The weight settings will cause 60% of traffic to use WAN1, with the remaining 40% using WAN2.
4. Creating a WAN status check (Health Check).
5. Creating a default route for the WAN link interface
Go to Network > Static Routes and create a new default route. Set Device to the WAN link interface.
6. Allowing traffic from the internal network to the WAN link interface
Go to Policy & Objects > IPv4 Policy and create a new policy.
Set Incoming Interface to the internal network’s interface and set Outgoing Interface to the WAN link interface. Turn on NAT.
Scroll down to view the Logging Options. To view the results later, turn on Log select All Sessions.
7. Results
Browse the Internet using a PC on the internal network and then go to FortiView > All Sessions.
Ensure that the Dst Interface column is visible in the traffic log. If it is not shown, right-click on the title row and select Dst Interface from the dropdown menu. Scroll to the bottom of the menu and select Apply.
The log shows traffic flowing through both WAN1(mgmt) and WAN2(ppp1).
Disconnect the WAN1 port, continue to browse the Internet, and refresh the traffic log. All traffic is now flowing through WAN2(ppp1), until WAN1 is reconnected.
Note: In example, mgmt interface is considered as WAN1 and ppp1 interface as WAN2.