Dual WAN separate traffic
Hello, I want to ask: I have a FortiGate with 2 internet connections, and I want to make WAN 1 for the server database and Active Directory and WAN 2 for the client. The server database and AD are in one segment with the client. Can I do that with the FortiGate? Please help me.
Go to System > Config > Features and set Advanced Routing to On.
Go to Router > Static > Policy Routes and click Create New.
- Protocol: Any
- Incoming Interface: internal
- Source Address / Mask: Your IPs which go to wan1
- Destination Address / Mask: 0.0.0.0/0
Then:
- Outgoing Interface: wan1
- Gateway Address: as needed
Repeat the step above with wan2.
Hello,
gschmitt is right.
In case you cannot configure the gateway for the policy routes, you have to make sure to have two default routes for both WAN interfaces with the same distance. If you configure a better (=smaller) priority for one of the default routes, then this route would be used by default for outgoing traffic.
Sylvia
Thank you very much for your answer, I will try it.
Yes, the above solution would work.
Along with that, having link fail detection applied makes it more reliable.
The KB article below explains how to do it:
http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD35080
Hope that helps.
Hello,
At the moment we have only 1 WAN, so all the traffic goes through wan1.
In the near future we will add the second WAN.
We want the same: that the server with a fixed IP will keep going through the old wan1 and users' traffic will go through the new wan2.
Is there no need to change any policies in Policy -> Policy? All the policies there at the moment refer only to wan1.
Thanks, Francesco
Hello,
When you get the second WAN, you need the below:
- A default route via WAN2 (with equal distance and priority)
- A policy route with the server as the source address and destination as 0.0.0.0 via WAN1
- Another firewall policy from LAN to WAN2 allowing the whole local subnet
vjoshi wrote:
Hello,
When you get the second WAN, you need the below:
- A default route via WAN2 (with equal distance and priority)
- A policy route with the server as the source address and destination as 0.0.0.0 via WAN1
- Another firewall policy from LAN to WAN2 allowing the whole local subnet
Many thanks!
In this way servers will be forced to use wan1 and all the other IP addresses will use wan2? Or both WANs?
With the above config, Server will always use wan1, and users can use both WAN1 and WAN2.
Many thanks!
In this way servers will be forced to use wan1 and all the other IP addresses will use wan2? Or both WANs?
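A simplified model of the lookup order discussed in this thread, added here as an illustration (not code from any poster or from Fortinet): policy routes are matched top-down before the routing table, and default routes that tie on distance and priority are both usable. The class and function names and the 192.168.1.0/24 addresses are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class PolicyRoute:          # one Router > Static > Policy Routes entry
    in_if: str
    src: str
    dst: str
    out_if: str

@dataclass
class StaticRoute:          # one static route in the routing table
    dst: str
    out_if: str
    distance: int = 10
    priority: int = 0

def egress(src_ip, dst_ip, in_if, policy_routes, static_routes):
    """Return the sorted list of interfaces a new session may leave on."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    # Policy routes are checked top-down before the routing table; first match wins.
    for pr in policy_routes:
        if (pr.in_if == in_if and src in ipaddress.ip_network(pr.src)
                and dst in ipaddress.ip_network(pr.dst)):
            return [pr.out_if]
    # Otherwise: longest prefix, then lowest distance, then lowest priority.
    def rank(r):
        return (-ipaddress.ip_network(r.dst).prefixlen, r.distance, r.priority)
    matches = [r for r in static_routes if dst in ipaddress.ip_network(r.dst)]
    if not matches:
        return []
    best = min(rank(r) for r in matches)
    # Routes that tie on all three keys are all usable (traffic is shared).
    return sorted({r.out_if for r in matches if rank(r) == best})

# Constructed sample values: LAN 192.168.1.0/24, server at 192.168.1.10.
SERVER, USER, INTERNET = "192.168.1.10", "192.168.1.50", "203.0.113.5"
EQUAL_DEFAULTS = [StaticRoute("0.0.0.0/0", "wan1"), StaticRoute("0.0.0.0/0", "wan2")]
SERVER_VIA_WAN1 = PolicyRoute("internal", "192.168.1.10/32", "0.0.0.0/0", "wan1")
LAN_VIA_WAN2 = PolicyRoute("internal", "192.168.1.0/24", "0.0.0.0/0", "wan2")

def scenarios():
    one = [SERVER_VIA_WAN1]                  # policy route for the server only
    two = [SERVER_VIA_WAN1, LAN_VIA_WAN2]    # the step repeated with wan2
    return {
        "server, one rule": egress(SERVER, INTERNET, "internal", one, EQUAL_DEFAULTS),
        "user, one rule": egress(USER, INTERNET, "internal", one, EQUAL_DEFAULTS),
        "server, two rules": egress(SERVER, INTERNET, "internal", two, EQUAL_DEFAULTS),
        "user, two rules": egress(USER, INTERNET, "internal", two, EQUAL_DEFAULTS),
    }
```

In this model, listing the broader LAN rule above the server rule sends the server out wan2 as well, so rule order is worth checking when server traffic must stay on one link.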
Hi,
I have one internal network and 2 internet connections.
Internal (LAN): 172.17.10.0/24
Wan1: 37.152.162.17
Wan2: WiMAX modem (with no static IP)
I want 3 users of my LAN to use only Wan1, and the other users to use only Wan2.
I tried the above solutions, but they don't work for me!!
Our company had MikroTik before purchasing a FortiGate; this feature is easy to configure in MikroTik with NAT, firewall rule and mangle.
Can you help me with this?
Thank you
