Hello Everyone,
I am planning to configure each department to access the internet through a different internet line.
Below are the steps I have in mind; I hope all of you can give some advice.
- Create WAN LLB with Volume mode, with the weight set to 0 for every WAN interface.
- Create WAN LLB Rules:
  - Source Address=All
  - Users Group=Departments
  - Destination Address=All
  - Protocol=Any
  - Outgoing Interface=Preferred WAN interface
- Create IPv4 Policy, Internal LAN to WAN:
  - Source=Internal
  - Destination=Preferred WAN
  - NAT=Enable
Kindly advise whether the above configuration is correct or wrong. If additional configuration is needed, please guide me on this.
Thanks much!!
hi,
this is mainly a routing problem. There's one (1) and only one default route to unknown hosts on the 'net per system/FGT so you'll have difficulties with LLB alone.
Suggestion: create one VDOM per department, administer them from the 'root' VDOM. This way, each dept. will have its own firewall, admins, users, policies, routes etc. etc.
Most FGTs feature 10 VDOMs for free, the bigger ones can be expanded up to 500 VDOMs.
Ok, let me try it..
Thanks a lot.
You can also just make sure each department is on a different subnet and do policy routes for specific departments to go out a certain pipe.
Mike Pruett