Two ISP - Two WAN ( 1 - Static, 1 - Dynamic) - Link Redundancy | Fortinet Technical Discussion Forums

Join us now!

Username
Password
Verification
	Stay logged in

Forgot Your Password? Forgot your Username? Haven't received registration validation E-mail?

User Control Panel Log out

Forums
Posts

Latest Posts

Active Posts

Recently Visited

Search Results

View More
Blog

Recent Blog Posts

View More
Photos

Recent Photos

My Favorites

View More Photo Galleries
PMs

Unread PMs

Inbox

Send New PM View More
Page Extras
Menu
- Forum Themes
- Member List
- Online User List
- User Groups

Videos, Cookbook, KB

Mark Thread UnreadFlat Reading Mode ❐

Hot!Two ISP - Two WAN ( 1 - Static, 1 - Dynamic) - Link Redundancy

Author Post Essentials Only Full Version
pureocean New Member Total Posts : 5 Scores: 0 Reward points: 0 Joined: 2019/02/12 00:01:39 Status: offline 2019/02/12 00:53:44 (permalink) 0 Two ISP - Two WAN ( 1 - Static, 1 - Dynamic) - Link Redundancy Hi I would like to know the best practice for configuring link Redundancy and to distribute the Internet traffic over both links, Currently, most of the setting was routed to the static Internet (Slower Speed) and as intended I would like to route most of the internet browsing port 80 to dynamic internet (Higher Speed), also how to resolved the DNS issue since there are two different ISP. many thanks in advance #1 3 Replies Related Threads
lobstercreed Gold Member Total Posts : 125 Scores: 21 Reward points: 0 Joined: 2018/11/28 14:57:58 Location: Sedalia, MO Status: offline Re: Two ISP - Two WAN ( 1 - Static, 1 - Dynamic) - Link Redundancy 2019/02/12 03:21:24 (permalink) 0 There are many documents on this, both on the cookbook website and on this forum. I'll link you to a few of the relevant ones: https://cookbook.fortinet.com/redundant-internet-basic-failover-56/ https://cookbook.fortinet.com/redundant-internet-with-sd-wan-60/ https://forum.fortinet.com/tm.aspx?m=143704 I'm not sure what you mean about the DNS issue though? Are you hosting a server on-site that needs to be reachable from the Internet? That creates a bit of a different challenge... #2
pureocean New Member Total Posts : 5 Scores: 0 Reward points: 0 Joined: 2019/02/12 00:01:39 Status: offline Re: Two ISP - Two WAN ( 1 - Static, 1 - Dynamic) - Link Redundancy 2019/02/13 04:12:49 (permalink) 0 lobstercreed There are many documents on this, both on the cookbook website and on this forum. I'll link you to a few of the relevant ones: https://cookbook.fortinet.com/redundant-internet-basic-failover-56/ https://cookbook.fortinet.com/redundant-internet-with-sd-wan-60/ https://forum.fortinet.com/tm.aspx?m=143704 I'm not sure what you mean about the DNS issue though? Are you hosting a server on-site that needs to be reachable from the Internet? That creates a bit of a different challenge... Thank you lobstercreed, for the updates and information, the information really helpful and sort of working but I do have a few issues : 1. For the current settings, we do have a few wifi AP that routed to WAN1 by default, and once I have added an entry to a new WAN 2, our wifi connection found NO Internet and down immediately. Our current wifi setting -> Under Policy & Objects -> IPv4 wifi port 1 -> wan 1 (Internet) wifi port 2 -> local 1 ( accsing local machines and file server ) For that, I wasn't sure how to route this traffic to working internet. #3
lobstercreed Gold Member Total Posts : 125 Scores: 21 Reward points: 0 Joined: 2018/11/28 14:57:58 Location: Sedalia, MO Status: offline Re: Two ISP - Two WAN ( 1 - Static, 1 - Dynamic) - Link Redundancy 2019/02/14 05:19:41 (permalink) 0 Maybe I'm misunderstanding, but it seems the answer to your question is in the question. If your current policy only allows the wifi interfaces to access wan1 and you have not added any policies for wan2, then when you modify your routing to go out wan2 it would be dropped by firewall policy. It is best to use zones or SD-WAN for this purpose so you don't have to make redundant policies, but if you have a lot of config that can be difficult as you basically have to re-do it all. If you want some help, I have occasionally offered to help remotely (Zoom or TeamViewer) for a reasonable fee. It would probably have to be outside 8-5 (my normal job), but if I can look "over your shoulder" I can probably help you more quickly. Private message me if you want to do that. Thanks - Daniel #4

Jump to:

© 2019 APG vNext Commercial Version 5.5