The following are the troubleshooting steps when a secondary (e.g. wan2) WAN connection with static IP address was added on the FortiGate but the internet connection through that interface does not work.

1. Confirm whether the internet connection from that specific interface is not working: set the ping-options source to wan2's interface's public IP address and ping fortinet.com.
   
   

exec ping-options source <w.x.y.z> 

exec ping fortinet.com

A successful ping means that the internet is working through that interface.

2. Check the default route through the FortiGate CLI. Routes in Network -> Static Routes may not show the default route for WAN interfaces that were configured via DHCP.

get router info routing-table all | grep 0.0.0.0

The output should show that the default route of the WAN interface with the DHCP IP address has a distance of 5 and a priority of 1. Furthermore, the secondary WAN interface with a static IP address default route has a distance of 10 and a priority of 1.

The solution is to modify the distance and priority of the wan2 interface or the wan1 interface.  To make both default routes available on the routing table, they must have the same distance.

As wan1 has the default route via DHCP, changing the distance and priority is done on the interface itself:

config system interface

    edit wan1

        set distance 10

        set priority 10

    end

If wan1 has a normal static route, changing the distance and priority is done there instead:

config static route

edit xx

    set distance 10

    set priority 10

    end

• Priority preference: The lowest value is preferred for the routing table.
• Distance preference: The lowest value is preferred for the routing table.

In summary, the ISP connection that obtained the IP address via DHCP will have a distance of 5 and a priority of 1 by default, while the ISP connection with a statically assigned IP address will have a distance of 10 and a priority of 1 by default.