Fortigate 300D - 2 WAN link to setup for 2 different networks

Author
mustafa.chittalwala
2018/08/16 16:07:02 (permalink)

Experts,
 
I am new to Fortinet World. So I need your HELP.
 
We have 2 WAN connections, 1 for staff and 1 for students. So I want 2 connections going through the firewall (not load balancing), and then the student network, which is on VLAN1, should go out to the Internet through WAN1, and likewise the staff network should access the Internet on WAN2.
 
Is it possible to achieve the above scenario with a Fortigate 300D? If yes, can someone help me in detail or guide me in the correct direction via video or reading material?
 
Thanks in advance. 
 
Regards
Mustafa
 


#1


    sw2090
    Re: Fortigate 300D - 2 WAN link to setup for 2 different networks 2018/08/16 23:07:04 (permalink)
    Well, traffic from a net can only go where your policy allows it to go ;)
    So just on the FGT create an internet policy with NAT for the staff vlan/network via WAN1 and one for the student vlan/network via WAN2 :)
    And you of course need to have default routes for both WANs, but if they do PPPoE without static setup you don't need to care about this. It's set automatically when your WANs come up in this case.
    #2
    Paul S
    Re: Fortigate 300D - 2 WAN link to setup for 2 different networks 2018/08/17 14:50:03 (permalink)
    Setting up the interfaces and policy should be fairly straightforward. I think routing will be your biggest challenge. I would use a policy route to resolve that.
     
    *Create two new interfaces on your LAN: System > Interfaces*
    LAN
    --> VLAN1 [students]
    --> VLAN2 [staff]
     
    *Policy > IPv4*
    [Students] --> [WAN1]: Allow, with desired UTM features. NAT: yes
    [Staff] --> [WAN2]: Allow, with desired UTM features. NAT: yes
     
    *Routing > Policy Routes*
    Src Int [Students] to 0.0.0.0/0 > Use WAN1, with GW x.x.x.x
    Src Int [Staff] to 0.0.0.0/0 > Use WAN2, with GW x.x.x.x
     
    You may need to use some policy routes in addition to those two if you have some non-internet policies for other network destinations. The action would be "stop policy routing".

    FG200D 5.2.10 (HA) - primary
    FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x                   [Did my post help you? Please rate my post.]
    FAZ-VM 5.4.2  |  Fortimail 5.3.8
    Network+, Security+
    #3
    ede_pfau
    Re: Fortigate 300D - 2 WAN link to setup for 2 different networks 2018/08/18 03:18:12 (permalink)
    As there can only be ONE default route per system / per FGT / per VDOM, and you need 2 of these for 2 WANs, the only way to do this is to apply a Policy route for one of them.
     
    For the students, set up a default route pointing to WAN1. Done.
     
    For the staff, create a policy route pointing to WAN2. A PR allows you to decide which way to go not only by the destination address like an ordinary route, but by matching source address, source port and other fields. In your case, the PR would match the staff's subnet and redirect traffic away from the default route, out to WAN2.
     
    Of course, you will need policies to finally allow the traffic. Both internet facing policies need to have NAT enabled.
     

    Ede

    " Kernel panic: Aiee, killing interrupt handler!"
    #4
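
A simplified model of the lookup order the replies describe (policy routes first, then the routing table, then the firewall policy check), added here as an example and not posted by anyone in the thread. It is not FortiOS code; the subnets, the `lan_servers` interface and all function names are assumed sample values, with students on the default route to WAN1 and staff policy-routed to WAN2.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class PolicyRoute:
    src: str            # source subnet to match
    dst: str            # destination subnet to match
    action: str         # "forward", or "stop" (stop policy routing)
    out_if: str = ""    # egress interface when action == "forward"

# Constructed sample addressing (assumptions, not from the thread).
STUDENTS, STAFF, SERVERS = "10.0.1.0/24", "10.0.2.0/24", "10.0.50.0/24"

# Ordinary routing table: an internal server net plus the single default route.
ROUTES = [(SERVERS, "lan_servers"), ("0.0.0.0/0", "wan1")]

# Policy routes are checked top-down before the routing table; first match wins.
POLICY_ROUTES = [
    PolicyRoute(STAFF, SERVERS, "stop"),                 # internal: fall back to table
    PolicyRoute(STAFF, "0.0.0.0/0", "forward", "wan2"),  # internet: force WAN2
]

# Firewall policies: (source subnet, egress interface) pairs that are allowed.
FW_POLICIES = {(STUDENTS, "wan1"), (STAFF, "wan2"), (STAFF, "lan_servers")}

def _in(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def table_lookup(dst):
    """Longest-prefix match in the ordinary routing table."""
    hits = [(ipaddress.ip_network(n).prefixlen, i) for n, i in ROUTES if _in(dst, n)]
    return max(hits)[1]

def egress(src, dst, policy_routes=POLICY_ROUTES):
    """Return the egress interface, or None if no firewall policy allows it."""
    out = None
    for pr in policy_routes:
        if _in(src, pr.src) and _in(dst, pr.dst):
            out = pr.out_if if pr.action == "forward" else None
            break
    out = out or table_lookup(dst)
    allowed = any(_in(src, s) and out == i for s, i in FW_POLICIES)
    return out if allowed else None
```

Passing `POLICY_ROUTES[1:]` (no "stop" entry) shows staff traffic for the internal server net being sent out WAN2, and passing `[]` shows staff traffic falling to the WAN1 default route where no firewall policy permits it.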