Remote access and port forwarding to WAN when SD-WAN rules are active

Singeb · ‎01-10-2024

Hello everyone,

I am new to the forum and Fortinet in general, so bare with me if this is an obvious mistake.

On a Fortigate firewall with updated firmware I have configured two WAN interfaces to work with SD-WAN rules that leave WAN1 as the main one and WAN2 as backup. This works fine.

However, I want to be able to ping WAN2 and redirect some of it's ports to internal clients, which is only working if WAN1 is down or if I switch the priorities around (otherwise the WAN2 ports are closed from the outside). I tried disabling all the port redirection policies and only try ping and ssh, but the problem persists.

The only relevant post I found is this unsolved one. Looking at the answers, I checked my default routes and I have two with destination 0.0.0.0, both of them with "Gateway Address" corresponding to the correct one of their interfaces (WAN1 and WAN2). Is this correct? Or should I have one with Interface as SD-WAN? What else should I check?

Thanks in advance

eowusu · ‎01-10-2024

yes that is wrong. Kindly create the static route with the sdwan zone. Once you select interface under static routes. You should see an option for the zone you placed both WAN links in(virtual-wan-link)

View solution in original post

eowusu · ‎01-10-2024

Did you create the default route for each WAN link separately or are they both in the same zone(virtual-wan-link) as a default route? Kindly check that

Singeb · ‎01-10-2024

Thank you for the reply. I created the static routes for each WAN to 0.0.0.0 separately. Is this wrong?

eowusu · ‎01-10-2024

yes that is wrong. Kindly create the static route with the sdwan zone. Once you select interface under static routes. You should see an option for the zone you placed both WAN links in(virtual-wan-link)

Singeb · ‎01-10-2024

Thanks a lot, that was the issue.

eowusu · ‎01-10-2024

You are welcome.