mrwin
New Contributor

One firewall rule for two wan interfaces

I've configured two wan interfaces, i.e. wan1 and wan2, for two ISPs, and wan2 works as backup in case wan1 fails. Now, I write each rule in such a way that it's duplicated for each wan interface. Is there any provision to write only a single rule which will pass through both wan interfaces, i.e. creating a logical wan interface grouping both wan1 and wan2? Another question is whether it's possible to configure more than two WANs, i.e. more than two ISP links, in the Fortinet 600C, which has only two wan interfaces, i.e. wan1 & wan2?
Fullmoon
Contributor III

I would create a ZONE in this kind of setup: create a zone combining 2 or more ports facing your Internet provider, then create a firewall policy coming from your internal interface --> the zone name you created. Of course, NAT must be enabled. IMO 600C ports can be configured with different subnets, so I'm pretty much sure you can add more than 2 ISPs in that sense. Don't rely on WAN1 or WAN2; they are just a naming convention. You can configure ports 1, 2, 3, etc. if you have more than 2 ISP connections.

Fortigate Newbie

mrwin
New Contributor

When I tried to create a new zone, i.e. Network->Interfaces-> create new zone, wan1 & wan2 are not in the list. All other ports are shown. Anything else to be configured?
Fullmoon
Contributor III

ORIGINAL: mrwin When I tried to create a new zone, i.e. Network->Interfaces-> create new zone, wan1 & wan2 are not in the list. All other ports are shown. Anything else to be configured?
Yes, it's because they have already been used, either in a firewall policy or in DHCP services. Before adding an interface to a ZONE, the interface must not be associated with any rules or policies.

Fortigate Newbie
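
The zone approach described in the replies above, written out as FortiOS CLI configuration so that one policy covers both ISP links instead of two duplicated rules that can drift apart. This is an added example, not part of the original posts. The zone name `wan-zone`, the source interface name `internal`, and the open address/service objects are assumptions; the all-services object is named `ALL` on newer FortiOS releases and `ANY` on older ones.

```fortios
# Prerequisite (from the thread): wan1 and wan2 must not be referenced by
# any firewall policy or DHCP service, otherwise they are not offered as
# zone members. Remove or rework those references first.

config system zone
    # "wan-zone" is an assumed name
    edit "wan-zone"
        set interface "wan1" "wan2"
        # do not forward traffic between the two ISP-facing interfaces
        set intrazone deny
    next
end

config firewall policy
    # edit 0 lets FortiOS assign the next free policy ID
    edit 0
        # "internal" is an assumed name for the LAN-side interface
        set srcintf "internal"
        set dstintf "wan-zone"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        # use "ANY" on older releases
        set service "ALL"
        set nat enable
    next
end
```

Once the interfaces belong to the zone, policies reference the zone rather than wan1 or wan2 individually, so the same rule and the same security profiles apply whichever link is carrying the traffic.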

mrwin
New Contributor

Thanks. It worked!
Fullmoon
Contributor III

Nice to hear that :)

Fortigate Newbie

bobm
New Contributor III

I have a similar setup, and am trying to streamline my config to save memory usage and make things easier to administer. One thing I just noticed (not sure if it's new or I just never noticed it) is that some of our outbound traffic policies that we use for web filtering, etc. now have an option to add a second outbound port. I'm assuming that I can just add WAN2 to the WAN1 policies, and delete the redundant ones. Am I missing something, or is it that simple? Will it save memory usage since there are fewer policies in the list, or will the traffic volume negate that since some policies are being hit twice as often? Hesitant to make large changes like that because we only have one router, and I can't really experiment much in a production environment. Thanks