Hi, I wish to use WAN Link Load Balancing on the Fortigate 200d but I also need some servers to use a specific connection and external IP addresses in order to function. Link Load Balancing is working, and i'm also able to force servers to use a specific address, but not both. I created Virtual IP’s and Dynamic IP Pools to force the servers to use specific external IP addresses. This works, however if I add the second WAN interface to “ System --> Network --> WAN Link Load Balancing”, the connection goes down for servers with the option NAT --> Dynamic IP Pool configured. How can i force specific servers to use only the primary (or secondary) WAN-link and thus basically disabling load balancing for those servers only ? Kind regards, Guido
VWL does not support Virtual IP.
You may set up like below on V5.4, PC11 will always go out from specific interface (VLAN_EXTERNAL).
config system virtual-wan-link set status enable set load-balance-mode measured-volume-based config members edit 1 set interface "VLAN_EXTERNAL" set gateway 192.168.70.1 set volume-ratio 40 next edit 2 set interface "vlan_190" set gateway 192.168.90.48 set volume-ratio 10 next edit 3 set interface "vlan_pppoe" set gateway 192.168.210.99 set volume-ratio 53 next end config service edit "out" set member 1 set dst "all" set src "pc11" next end end FG800C3912800675 (vdom1) # dia firewall proute list list route policy info(vf=vdom1): id=4278190080 flags=0x30 tos=0x00 tos_mask=0x00 protocol=0 sport=0:0 iif=0 dport=1-65535 oif=44 gwy=192.168.70.1 source wildcard(1): 192.168.1.11/255.255.255.255 destination wildcard(1): 0.0.0.0/0.0.0.0
Well,
I´m still dreaming of a simple "per Firewall policy" nexthop Feature.
Two WAN Links with several IP Adresses and PolicyBased Routing / Virtual WAN Link ist still a PITA with Fortigates.
@Guido: I faced the same problem and I hoped the the VWL feature would be smart enough to map the chosen SNAT IP pool to the corresponding WAN IF.... [&:]
Mr. Xie forgot to take the virtual Router documentation with him when he left Netscreen
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.