g_aertssen
New Contributor

Dual WAN LoadBalancing, force servers to use specific WAN-connection and IP address

Hi,

I wish to use WAN Link Load Balancing on the FortiGate 200D, but I also need some servers to use a specific connection and external IP addresses in order to function. Link Load Balancing is working, and I'm also able to force servers to use a specific address, but not both.

I created Virtual IPs and Dynamic IP Pools to force the servers to use specific external IP addresses. This works; however, if I add the second WAN interface to "System --> Network --> WAN Link Load Balancing", the connection goes down for servers with the option NAT --> Dynamic IP Pool configured.

How can I force specific servers to use only the primary (or secondary) WAN link, and thus basically disable load balancing for those servers only?

Kind regards,
Guido

Jeff_FTNT
Staff

VWL does not support Virtual IP.

You may set it up as below on V5.4; PC11 will always go out from the specific interface (VLAN_EXTERNAL).

config system virtual-wan-link
    set status enable
    set load-balance-mode measured-volume-based
    config members
        edit 1
            set interface "VLAN_EXTERNAL"
            set gateway 192.168.70.1
            set volume-ratio 40
        next
        edit 2
            set interface "vlan_190"
            set gateway 192.168.90.48
            set volume-ratio 10
        next
        edit 3
            set interface "vlan_pppoe"
            set gateway 192.168.210.99
            set volume-ratio 53
        next
    end
    config service
        edit "out"
            set member 1
            set dst "all"
            set src "pc11"
        next
    end
end

FG800C3912800675 (vdom1) # dia firewall  proute list
list route policy info(vf=vdom1):
id=4278190080 flags=0x30 tos=0x00 tos_mask=0x00 protocol=0 sport=0:0 iif=0 dport=1-65535 oif=44 gwy=192.168.70.1
source wildcard(1): 192.168.1.11/255.255.255.255
destination wildcard(1): 0.0.0.0/0.0.0.0
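
A check for the policy-route output in the reply above, as an added example that is not part of the original post or any Fortinet tooling: it parses `dia firewall proute list` text and confirms that a source host is pinned to a single gateway. The function names are hypothetical, the sample is constructed from the output quoted above, and contiguous netmasks are assumed.

```python
import ipaddress
import re

# Constructed sample, shaped like the `dia firewall proute list` output quoted above.
SAMPLE = """\
list route policy info(vf=vdom1):
id=4278190080 flags=0x30 tos=0x00 tos_mask=0x00 protocol=0 sport=0:0 iif=0 dport=1-65535 oif=44 gwy=192.168.70.1
source wildcard(1): 192.168.1.11/255.255.255.255
destination wildcard(1): 0.0.0.0/0.0.0.0
"""

def parse_proute(text):
    """Return one dict per policy route: id, oif, gwy, source and destination networks."""
    routes, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("id="):
            # The id= line is a run of key=value tokens separated by spaces.
            fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
            cur = {"id": fields["id"], "oif": int(fields["oif"]),
                   "gwy": fields["gwy"], "src": [], "dst": []}
            routes.append(cur)
            continue
        m = re.match(r"(source|destination) wildcard\(\d+\):\s*(.+)", line)
        if m and cur is not None:
            key = "src" if m.group(1) == "source" else "dst"
            for net in m.group(2).split():
                # Assumption: masks are contiguous, so ip_network can read them.
                cur[key].append(ipaddress.ip_network(net, strict=False))
    return routes

def egress_for(routes, host):
    """Gateways of every policy route whose source wildcard covers `host`."""
    addr = ipaddress.ip_address(host)
    return sorted({r["gwy"] for r in routes if any(addr in n for n in r["src"])})

def is_pinned(routes, host, gateway):
    """True only if `host` matches policy routes and all of them use `gateway`.

    A host with no matching route is not pinned (it falls back to load
    balancing); a host matching routes with different gateways is flagged too.
    """
    return egress_for(routes, host) == [gateway]
```
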

 

TheJaeene

Well,

I'm still dreaming of a simple "per firewall policy" next-hop feature.

Two WAN links with several IP addresses and policy-based routing / Virtual WAN Link is still a PITA with FortiGates.

@Guido: I faced the same problem, and I hoped the VWL feature would be smart enough to map the chosen SNAT IP pool to the corresponding WAN IF....

Mr. Xie forgot to take the virtual router documentation with him when he left NetScreen.
