Fortigate with 2 WAN over private ip
Hello everyone,
I am a bit new to Fortigate and I wanted to ask you a question about the operation of the traffic generated by the FW itself.
Let me tell you about the case. I have a 200F with two WAN connections, the connection_1 with a public IP and the connection_2 with a public IP over a private IP with VLAN.
WAN 1 -> IP_PUBLIC_1
WAN 2 -> IP_PUBLIC_2 on PRIVATE_IP
When I configure WAN 1 as default route everything works correctly, Forticloud and Fortiguard update.
On the other hand, when I configure WAN 2 as default route I cannot reach these services because it will try to access through the PRIVATE_IP and it is not accessible from the Internet. After configuring the different services with the IP_PUBLIC_2 in "source-ip", they are accessible.
The code we use for the "source-ip":
-------------------
config system fortiguard
    set source-ip IP_PUBLIC_2
end
config system ntp
    set source-ip IP_PUBLIC_2
end
-------------------
My question: In case of configuring the two WANs in a SD-WAN, the Fortiguard services will ONLY be accessible when the default route is WAN 1, being the "source-ip" of the services 0.0.0.0.0/0. Is this possible?
Best regards and thank you very much for your help!
Labels: FortiGate
Hi Sesamiv.
Good day
In case of configuring the two WANs in a SD-WAN, the Fortiguard services will ONLY be accessible when the default route is WAN 1, being the "source-ip" of the services 0.0.0.0.0/0. Is this possible?
You can specify the interface in the FortiGuard settings.
Check with the command lines below:
# config system fortiguard
# set interface-select-method specify
# set interface port4
# end
Port4 ----> you use WAN1
Hi Kmohan,
Thanks for your promptness.
In that case, if WAN 1 failed the FW would not be able to connect to Fortiguard, no?
Although thinking about it... either if WAN 1 fails or if it is not configured as you said, the FW would not be able to reach Fortiguard...
Thank you very much for the help, I will do as you said.
Best regards!
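An added example, not part of any post in this thread: a small Python check over a FortiGate configuration excerpt that lists which services have their self-originated traffic tied to a single interface or source IP, the situation the last reply asks about. The sample configuration is constructed from the settings named in the thread, `203.0.113.2` is a documentation address standing in for IP_PUBLIC_2, and the function names are hypothetical.

```python
import re

# Constructed sample: the settings discussed in this thread as they would appear
# in a configuration backup. 203.0.113.2 stands in for IP_PUBLIC_2.
SAMPLE_CONFIG = """\
config system fortiguard
    set interface-select-method specify
    set interface "port4"
end
config system ntp
    set ntpsync enable
    set source-ip 203.0.113.2
end
"""


def parse_top_level(config_text):
    """Return {section: {key: value}} for top-level 'config ... end' blocks."""
    sections, stack = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):])
            if len(stack) == 1:
                sections[stack[0]] = {}
        elif line == "end" and stack:
            stack.pop()
        elif len(stack) == 1:
            # Only 'set' lines directly under the top-level section are recorded.
            m = re.match(r"set (\S+) (.+)", line)
            if m:
                sections[stack[0]][m.group(1)] = m.group(2).strip('"')
    return sections


def pinned_services(config_text):
    """List services whose local-out traffic is tied to one interface or source IP."""
    findings = []
    for name, settings in parse_top_level(config_text).items():
        if settings.get("interface-select-method") == "specify":
            findings.append((name, "interface", settings.get("interface", "")))
        src = settings.get("source-ip")
        if src not in (None, "0.0.0.0"):
            findings.append((name, "source-ip", src))
    return findings


if __name__ == "__main__":
    for name, kind, value in pinned_services(SAMPLE_CONFIG):
        print(f"{name}: pinned by {kind} = {value}")
```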
