2 LANS, 2 WANS, How to separate Traffic

Fsnyder24 · ‎02-13-2018

Hello

I have 2 LANS -

192.168.1.0/24 (192.168.1.1 / 255.255.255.0) LAN 2

192.168.2.0/24 (192.168.2.1 / 255.255.255.0) LAN 1

I have 2 WANS

DSL #1

DSL #2

Right now all traffic is going in and out of WAN 1 (DSL 1)

We just added the 2ND WAN (DSL 2) and I am trying to get LAN 2 to go out WAN 2 (DSL 2)

I have connected the DSL 2 to switch 1 in building 2 which then feeds via wireless bridge to building 2 switch 1 and then I have a cable going from that switch to WAN 2 port on the Fortinet 200D

I have created a static policy following this forum post - https://forum.fortinet.com/tm.aspx?m=127289

Am I missing something because all traffic still seems to be going out only WAN1

Thanks

Hkp · ‎02-15-2018

Hi,

in this case my configuration would be like this:

1. Static Routes

0.0.0.0/0.0.0.0 - WAN1 - Gateway-IP - Priority 0

0.0.0.0/0.0.0.0 - WAN2 - Gateway-IP - Priority 5

All network ports / local subnets are using WAN1 until interface is down, so WAN2 is failover.

2. Create policy route

If incoming traffic matches:

Incoming interface: LAN2

Source: 192.168.1.0/24

Destination: 0.0.0.0/0.0.0.0

Then:

Action: Forward Traffic

Outgoing interface: WAN2

Gateway: Gateway-IP

That's disables your failover feature of step 1! And you cannot route your local traffic between 192.168.1.0/24 and 192.168.2.0/24!

If you need the communication between LAN1 and LAN2, create second policy route as your first policy sequence:

If incoming traffic matches:

Incoming interface: LAN2

Source: 192.168.1.0/24

Destination: 192.168.2.0/24

Then:

Action: Stop Policy Routing

Zaki_ · ‎02-22-2018

Hello,

You can use seperate Vdom for each LAN

Create Two Vdoms, LAN1 and LAN2

assign 2 interfaces ( LAN and wan) to each vdom

This way you wan completely seperate your two Lans

Hope it helped

2 LANS, 2 WANS, How to separate Traffic

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website