camadiso
New Contributor

Wan-Load-Balancing with Dynamic IP-pools

We currently have 3700D FortiGates. They are functioning with two ISPs on ports 19 and 20. We are exploring load balancing and combining the WAN interfaces.

We currently use dynamic IP pools to NAT IP addresses of things like our servers or spam filters to the outside world.

For instance: if our outgoing interface on 19 to ISP1 is a 216.x.x.12 address, and our server currently routes out port 19, we assign it another IP address from that provider that we have rights to, e.g. 216.x.x.25.

Now that we are combining the WAN links, the rule would point to either ISP1 or ISP2. ISP2 won't accept the IP pool address for ISP1 (or so we assume), so we need to make a second IP pool for ISP2. We have the addresses to do this, and the FortiGate lets you assign multiple pools to the rule.

The question: if the device hits the rule, how will it know to use the correct pool for the correct WAN interface? For instance, if it comes in and grabs an IP pool address for ISP2 but then tries to go out ISP1, will it know it failed to connect and then try ISP2? Or, by merit of the IP address, will it look to see which ISP it matches and go out that link?

Thanks,

3 REPLIES
camadiso
New Contributor

Working with the engineers, it was determined that we basically can't use WAN load balancing; instead we should have two static routes, one with higher weight that all our traffic flows to, then have policy-based routing that will take a portion of that traffic and push it down the ISP2 pipe.

We made sure that if either interface went down, it would allow all the traffic to reroute to the other ISP.

anoopelias

I am facing the exact same situation now. We have two ISPs and I am doing WAN link load balancing. I want to send out SMTP traffic from 2 IP pools (one belongs to ISP-A and the other to ISP-B). This is like FortiGate is punishing us for upgrading to 5.4; I was happier with the old 5.0.

MikePruett

When you guys get to that level of configuration you want to start looking at BGP.

Mike Pruett Fortinet GURU | Fortinet Training Videos