Xcage
New Contributor

Help with routing a client(PC on lan) through certain Wan ISP line

Hi all ,

 

So the issue, or the help that I need, is with routing a client on the LAN network only through a certain WAN ISP line, because he needs to have the external IP address of that one specific ISP.

It's a FortiGate 90D unit with 6 different ISP lines, all on WANLLB (load balanced), and I want to know how I can route someone from the LAN network only through certain WAN ports, or w.e you want to call them.

I assume it's done using policy routing but have no idea how to do that. Can anyone point me in the right direction?

EMES
Contributor

config router policy
    edit 0
        set action permit
        set protocol 0
        set src <IP OF User>
        set dst 0.0.0.0/0
        set gateway <ISP GATEWAY>
        set input-device <Internal Interface>
        set output-device <ISP INTERFACE>
        set status enable
    next
end

 

That should work and send all the users traffic that way.

Xcage
New Contributor

Thank you very much for the help. Does that work the same as making a policy route using the GUI? If so, how would I configure it so it only sends certain traffic using a certain interface for a certain user? For instance, I want all FTP traffic to use, for example, wan1, and I do have all my users' reserved IP addresses and names, if that helps.
EMES

It is the same as the GUI, yes. Here's another post adding a little more about it.

https://forum.fortinet.com/FindPost/150150

 

If you want all FTP traffic to flow that way, then you would set the protocol to TCP and set the destination ports from 20 to 21. For the source you would set your internal subnet or subnets. If you have address objects of your internal subnets or groups, you can use those in the CLI but not in the GUI.

EMES

If you do not use the address objects in the CLI then you will have to make multiple policies for each source subnet if the subnets are not contiguous.
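The FTP rule described in the replies above, written out in the CLI, as an added example that is not part of the original posts. The interface names internal1 and wan1 are the ones mentioned in the thread; the source subnet 192.168.1.0/24 and the gateway 203.0.113.1 are constructed placeholders, and the field names are those of the FortiOS `config router policy` table, whose exact syntax varies by firmware version. The `#` lines are annotations, not CLI input.

```fortios
# Added example: policy route for FTP from one internal subnet out of wan1.
# 192.168.1.0/24 and 203.0.113.1 are placeholders, not values from the thread.
config router policy
    edit 0
        set input-device "internal1"
        set src 192.168.1.0/24
        set dst 0.0.0.0/0
        # protocol 6 = TCP; protocol 0 (as in the first reply) matches any protocol
        set protocol 6
        # destination port range 20-21, as described in the reply
        set start-port 20
        set end-port 21
        set output-device "wan1"
        set gateway 203.0.113.1
    next
end
```

A destination-port match on 20 to 21 covers the FTP control connection; passive-mode data connections go to a high port chosen by the server and do not match this rule.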

 

Xcage
New Contributor

OK, so first of all, thank you very much for the help.

I did what you said, and configured the routing for the specific client like so (tried WAN2 and internal1)

but I see that the traffic (port 21) still goes through the same WAN interface as all the other traffic.

Now it doesn't really matter which WAN interface I choose, it still routes FTP traffic through the same interface

(except the one that the machine is actually using at the moment, obviously)

and this is my policy route page, making sure that there is no other policy route defined for that same machine.

What am I missing? BTW, if I route ALL the traffic it works.
