Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
hoaian83
New Contributor

Created on ‎03-16-2017 06:03 PM

Multi WAN of same ISP - 200D (v5.4.4)

Hi all,

 

Please help me the following case as picture on FTG 200D. I have 2 internet line of same ISP (same gateway) and this is what I want for my network:

- 192.168.1.x -> WAN 1 (static ip)

- 10.1.1.x -> WAN 2 (static ip)

- Route 2 network layer above

 

 

As succeeded, 2 networks see each other, in/out through WAN 1 is OK, but I just can make out through WAN 2. The problem is that I cannot ping ip of WAN 2 from outside and cannot access 10.1.1.x through WAN 2 from outside.

 

Please help me config this in GUI.

 

Thanks,

Hoai An

 

 

 

Preview file
21 KB
Labels:
21761
0 Kudos
13 REPLIES 13
hoaian83
New Contributor

Created on ‎03-20-2017 05:30 PM

any help? :(

3505
0 Kudos
zeki893
New Contributor II
In response to hoaian83

Created on ‎03-27-2017 01:43 PM

i don't think that's possible with the same gateway. setup the the two wan ports as a active/redundant LAG.

3505
0 Kudos
hoaian83
New Contributor
In response to zeki893

Created on ‎03-27-2017 07:00 PM

it's not redundant WAN, it's separated WAN. I just want to use Fortigate as a PPOE device for 2 lines of internet. Any suggestion?

3505
0 Kudos
zeki893
New Contributor II
In response to hoaian83

Created on ‎03-27-2017 09:06 PM

but in your diagram they both have the same gateway. was that a mistake?

3505
0 Kudos
hoaian83
New Contributor
In response to zeki893

Created on ‎03-27-2017 11:37 PM

Nope. Same gateway bc of same ISP. And I got trouble how to make it work for both in/out through WAN 2

3505
0 Kudos
lunhas2k4
New Contributor II
In response to hoaian83

Created on ‎03-28-2017 04:12 AM

Hi @hoaian83,

 

I had a similiar issue with a client of mine, I resolved it by using VDOMS. It was an older version of the FortiOS I used. I believe that concept should be the same.

 

Let us know how it goes.

Carlitos loves firewalls

NSE4 (5.4,6.0)

NSE5 (Fortimanager 6.0, Fortianalyzer 6.0)

NSE7 (Enterprise Firewall 6.0)

Carlitos loves firewalls NSE4 (5.4,6.0) NSE5 (Fortimanager 6.0, Fortianalyzer 6.0) NSE7 (Enterprise Firewall 6.0)
3505
0 Kudos
Alpha7
New Contributor III
In response to lunhas2k4

Created on ‎03-28-2017 04:38 AM

Have you tried with both WAN1 and WAN2 default route with same distance and policy routes for source based routing?

3505
0 Kudos
Carl_Wallmark
Valued Contributor
In response to lunhas2k4

Created on ‎03-28-2017 04:38 AM

You could use Policy Routes:

 

1. Source: 192.168.1.x -> Dst: 0.0.0.0/0.0.0.0 ->Use WAN1 GW: 115.16.1.20

2. Source: 10.1.1.x -> Dst: 0.0.0.0/0.0.0..0 -> Use WAN2 GW 115.16.1.20

 

Or use VDOMs, more complicated but works.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
3505
0 Kudos
hoaian83
New Contributor
In response to Carl_Wallmark

Created on ‎03-28-2017 06:01 PM

@lunhas2k4: Thanks, I will give this way a try after testing with policy route. And will let you know the result.

@Alpha7: Thanks, I tried it but not work. I am trying this way again.

@Selective: Thanks, I will try this way again and let you know.

 

3505
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.