Hot!ISP and ports LAN/WAN

New Member
  • Total Posts : 13
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/05/22 20:34:04
  • Status: offline
2019/05/14 11:20:49 (permalink)

ISP and ports LAN/WAN

Good afternoon,

Well, I'm here for a couple of consultations:

1) In the company we have 2 ISPs, let's say A and B and we want our neighbors to only go through ISP B. They arrive through a cable from a direct switch to a LAN port to our fortigate. What would be the best way to do what was proposed?


2) By doing some tests we have separated a port from the LAN and we have converted it into WAN. Is there a way to remove it and return it to the LAN? because if there is, we can not find it.

Greetings and thanks in advance.

3 Replies Related Threads

    Gold Member
    • Total Posts : 369
    • Scores: 21
    • Reward points: 0
    • Joined: 2017/06/14 01:27:25
    • Location: Regensburg
    • Status: offline
    Re: ISP and ports LAN/WAN 2019/05/14 23:50:12 (permalink)
    1) create a policy that allows traffic from your neighbour to the internet only through ISP B. Or maybe use SDWAN and do IP based blancing (but I am not sure if you can split upon source ip in here).
    2) you cannot convert an interface. You can only change it's role to WAN. If you want to revert that just change the role back to LAN :)
    Expert Member
    • Total Posts : 6019
    • Scores: 480
    • Reward points: 0
    • Joined: 2004/03/09 01:20:18
    • Location: Heidelberg, Germany
    • Status: offline
    Re: ISP and ports LAN/WAN 2019/05/15 00:35:31 (permalink)
    1) look up "Policy routing". This is a route which is not (only) determined by the destination, but by the source subnet. All traffic from your neighbor's subnet will then be directed to the port serviced by ISP B.
    A simple policy won't do but is (of course) additionally required.
    2) "All Ports Are Created Equal". There is no difference between ports except for their label.
    There is only one exception (there's always one): management ports are non-routing and should not be used for production traffic.


    " Kernel panic: Aiee, killing interrupt handler!"
    Bronze Member
    • Total Posts : 34
    • Scores: 0
    • Reward points: 0
    • Joined: 2016/02/22 12:26:22
    • Status: offline
    Re: ISP and ports LAN/WAN 2019/05/21 13:38:15 (permalink)
    use SD-WAN with FortiOS of 6.0.X and set a SD-WAN rule with their source ip range and the ISP B interface as a destination (like a policy route). That's pretty much what we do to separate the public wifi of the regular LAN network. SD-WAN will clearly simplify your Internet/VPN IPSec policies if you include multiple interfaces in it.
    Jump to:
    © 2019 APG vNext Commercial Version 5.5