Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
eslam_hassanein
New Contributor

splitting traffic on 2 links

Good day dears

i have internal network with 1 and with 3 wan connections

i want to make some ip's go through wan1 and some through wan2 and the rest through wan3

how can i do that without load balance

my device is 300D and firmware is 5.4 

4 REPLIES 4
Sunil_Panchal_NSE7
New Contributor III

Dear friend ,

      this can be done through simple policy with taking care of internal interface and wan interface .

just do not create any load balancing interface just with proper and normal policy  

eslam_hassanein

superindian wrote:

Dear friend ,

      this can be done through simple policy with taking care of internal interface and wan interface .

just do not create any load balancing interface just with proper and normal policy  

dear i have tried this but the traffic is going by one link only. 

Sunil_Panchal_NSE7

dear friend ,

 

 when you are creating the policy 

like outgoing interface ,incoming interface , source.......that time you have to see the flow 

source should be ip range or host ip you want to route with specific wan.

example  you have 3 internet means 3 wan interface and internal network may be host 192.168.1.10,192.168.1.20 and reset

so you have to create policy like policy-1wan1 outgoing interface -incoming interface lan1 source 192.168.1.10

policy-2 wan2 outgoing interface -incoming interface lan1 source 192.168.1.20

policy-3 wan3 outgoing interface -incoming interface lan1 source other network 

you will get result what you want 

BUT BE CAUTION FIREWALL POLICY WORK TOP TO BOTTOM 

IF YOU PUT ALL NETWORK  POLICY AT TOP ,ALL USER WILL GO THROUGH ONLY ONE WAN .

 

 

neonbit

Remember that the FortiGate will look at the routing table before it looks at the policies. Because of this you'll want to configure policy based routes to direct sourceA through WAN1, sourceB through WAN2 and sourceC through WAN3. You'll still to have the standard firewall policies to allow these but without policy based routes you cant force different sources through different interfaces.

 

Also ensure that all your WAN connections are showing up in your routing table for default routes (same distance but can be different priorities).

Labels
Top Kudoed Authors