Fortinet Forum
UrbyTuesday
New Contributor

I took down the network : |

We have a really good small biz product around here by ATT that's a shared fiber offering.  1Gb up and down for less than $135 a month and they guarantee to add additional circuits if the original reaches 70% saturation. This product is so poorly marketed that nobody uses it, thus I've never installed it and had to share with anyone (that I can tell anyway).

Anyhoo, they came out yesterday to install it at one of our branches with 10 people.  They sent out the same Router with built-in ONT as they use in NEW ATT Fiber\Uverse residential installs. It's even got wifi6.  Perfectly fine for this office's purposes.

So I simply wired WAN2 into the back of the router to grab a 192 address from the router so I could configure it later to run pass thru and SD-WAN, then ultimately get rid of the cable broadband on WAN1.  But as soon as I plugged it in, it killed internet access on my WAN1-INTERNAL interface/subnet/setup...which is in NO way connected to WAN2 anywhere.

The question is WHY.  I simply don't understand.  I have no static routes set except a default thru WAN1.  I have no WAN2 policies set.  It's probably something dumb I'm doing and I know how to work around it but I still don't get it.  Shouldn't I be able to set any damn address I want on WAN2 and absolutely NOTHING happen to the existing WAN1 and Internal networks?

Toshi_Esumi
Esteemed Contributor

Did you check if the FortiGate, whatever the model is, didn't lose the default route toward wan1? If you haven't set up SD-WAN including both wan1 and wan2 yet, you need to have a clear picture of how to route internet traffic with two circuits: load balance, one of them is standby or accepting only out-to-in traffic like VPNs, etc., then set routing & policies accordingly.

UrbyTuesday

Ahhh...you know what? You are right.  When I left DHCP on for WAN2, it automatically set another default route with equivalent distance, didn't it!?  And (at least SOME) traffic was getting routed to nowhere (WAN2).

I think that's it.  And you are right. I knew I could fix this by setting up SD-WAN in advance...I just wanted to make sure I knew what was happening.  I KNEW it was something dumb I was doing.
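
The explanation reached in this thread, as an added example (not code from either poster or from Fortinet): a simplified model of default-route selection by distance and priority, where an equal-distance tie is shared across both routes and traffic sent out an interface with no matching policy is dropped. The addresses, distance values, policy set and the modulo hash standing in for source-IP load sharing are all assumptions.

```python
import ipaddress
from collections import Counter, namedtuple

Route = namedtuple("Route", "iface gateway distance priority")

# Constructed values: addresses, distances and the policy set are illustrative.
POLICIES = {("internal", "wan1")}                     # no internal -> wan2 policy
CLIENTS = [f"192.168.10.{h}" for h in range(10, 20)]  # the 10-person office

def active_defaults(routes):
    """Keep the lowest-distance default routes; break ties on lowest priority."""
    best = min((r.distance, r.priority) for r in routes)
    return sorted((r for r in routes if (r.distance, r.priority) == best),
                  key=lambda r: r.iface)

def forward(routes, src_ip, in_iface="internal"):
    """Return (egress interface, verdict) for one client's internet traffic."""
    active = active_defaults(routes)
    # Stand-in for source-IP based load sharing, not the vendor's real hash.
    idx = int(ipaddress.ip_address(src_ip)) % len(active)
    out = active[idx].iface
    verdict = "allowed" if (in_iface, out) in POLICIES else "dropped"
    return out, verdict

def summarize(routes):
    """Count clients per (egress interface, verdict) outcome."""
    return Counter(forward(routes, ip) for ip in CLIENTS)

wan1 = Route("wan1", "203.0.113.1", 10, 0)
# Second default route learned on wan2 with the same distance as wan1's.
before = [wan1, Route("wan2", "192.168.1.254", 10, 0)]
# Same route with a higher distance: it is no longer selected.
after = [wan1, Route("wan2", "192.168.1.254", 20, 0)]

if __name__ == "__main__":
    print("equal distance:      ", dict(summarize(before)))
    print("wan2 distance raised:", dict(summarize(after)))
```

In this model the tie sends half of the clients toward wan2, where nothing permits them; raising the distance on the wan2 route returns every client to wan1.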