DamianLozano
New Contributor

Some users load balance to new ADSLs

Hello,

 

I currently have a Fortigate 100E with firmware 5.6.6; it has 3 different internet connections (Wan1, Wan2 and Port1).

These 3 ISPs have static routes with the same distance and priority, and I have some policy routes for specific traffic.

I need to add 2 additional ADSLs (Port2 and Port3). I need to configure it so that specific IPs can access the Internet only through either of these 2 new ADSLs (load balance), and keep the others going out as they do now.

For example: I need to make a load balance for 172.20.4.128/25 between port2 and port3.  And keep the other traffic like now. 

I have created a SDWAN, configured both interfaces and added these to the SDWAN

The fortigate does not allow me to create a policy route with the SDWAN.

Which is the better way to accomplish the task?

Is the only way to add a static route for the SDWAN with the same distance and priority as the other ISPs and use IPv4 Policies to select which local IP goes out through which interface?

Any other suggestion? (with or without SDWAN)

 

Thanks in advance.

Regards,

Damián

9 REPLIES 9
Dave_Hall
Honored Contributor

 Are you creating these rules under SD-WAN Rules?

 

 

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

DamianLozano
New Contributor

I have not created any rule yet.

I just wanted to know which is the better way to accomplish what I mentioned.

I think SD-WAN Rules are for sending some traffic through some SD-WAN member, which so far I don't need to do; I just need to load balance the traffic which should go out through the SD-WAN.

 

Thanks

Regards

Damián

orani

You can make two ip pools with overload option and your port 2,3 public ips. Then create the address groups needed for your internal machines which you want to pass from these two lines. Create a rule from internal to SD-WAN with source those addresses and destination any. Enable NAT and choose "use dynamic ip pool", add to the dynamic pool the two objects that you created at the first step.

 

This should route your traffic from those interfaces.

Orestis Nikolaidis

Network Engineer/IT Administrator
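
The steps described in the reply above, written out as FortiOS CLI. This is an added example, not part of the original post: the object names, the source interface `internal` and the addresses 203.0.113.10 and 198.51.100.10 are placeholders, and `virtual-wan-link` is assumed as the SD-WAN interface name used by FortiOS 5.6. Lines starting with `#` are annotations.

```fortios
# Added example; names, interface and IP addresses are placeholders.
# 203.0.113.10 / 198.51.100.10 stand in for the port2 / port3 public IPs.
config firewall ippool
    edit "pool-port2"
        set type overload
        set startip 203.0.113.10
        set endip 203.0.113.10
    next
    edit "pool-port3"
        set type overload
        set startip 198.51.100.10
        set endip 198.51.100.10
    next
end

# Internal hosts that should use the two new lines (subnet from the question).
config firewall address
    edit "adsl-users-net"
        set subnet 172.20.4.128 255.255.255.128
    next
end
config firewall addrgrp
    edit "adsl-users"
        set member "adsl-users-net"
    next
end

# Policy from the internal interface (assumed name "internal") to SD-WAN.
config firewall policy
    edit 0
        set name "adsl-users-to-sdwan"
        set srcintf "internal"
        set dstintf "virtual-wan-link"
        set srcaddr "adsl-users"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set ippool enable
        set poolname "pool-port2" "pool-port3"
    next
end
```

A firewall policy is only evaluated for traffic that the routing table already sends out an SD-WAN member, so this policy still depends on a route that points at the SD-WAN interface.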

DamianLozano

Hmmmmm,

Sorry about the delay.

Thanks Orani for your response.

What happens if the ADSLs have dynamic IPs?

 

Thanks in advance.

Regards,

Damián

orani

Hmmm, that's an interesting question. I have never been in that situation. I do not know what the configuration should be. Probably you can't set an IP pool with a static IP when your ISP gives you dynamic IPs.

A possible scenario might be the following. The IPs your ISP gives you must be from a specific subnet. If that's true, you might be able to choose overload and set the range with the start and end IP of this subnet. But to be sure this is true, you must contact your ISP.

I think this scenario will work, but keep in mind that I have never configured something like that.

Orestis Nikolaidis

Network Engineer/IT Administrator

DamianLozano

Thanks Orani,

 

What happens if I don't specify "use dynamic ip pool" in the rule?

What if I just add a static route for the SDWAN to 0.0.0.0/0 with the same distance and priority as the other WAN interfaces?

Will this work?

 

Regards,

Damián

orani

I think that will work.

Orestis Nikolaidis

Network Engineer/IT Administrator

DamianLozano

Ok, thanks.

Will try

 

Regards,

Damián

DamianLozano

Hello,

 

Sorry for refreshing this old ticket, but I left the issue and am just coming back to it.

The problem I have is that the Fortigate does not allow me to create static routes for both SDWAN and non-SDWAN interfaces. I mean, if I already have static routes pointing to WAN1 or WAN2 (these interfaces are not in the SDWAN), the Fortigate does not allow me to add a static route with an SDWAN interface.

Also, if I want to create a policy route, the SDWAN interface does not appear in the drop-down menu, so I cannot choose it.

 

Any Idea?

 

Thanks

Regards
