Adding a new WAN Interface

Author
lutfucan
New Member
  • Total Posts : 5
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/09/09 00:03:24
  • Status: offline
2020/09/09 00:26:49 (permalink)
0

Adding a new WAN Interface

I had 3 WAN connections (ADSL modems) providing internet access to my company. I brought a 4th connection, which has a fiber metro connection by the switch, and connected it to my 4th port.
1 - First I set up the new interface (named metro_port). I selected role as WAN, addressing mode as manual and IP/Netmask as the ISP provided.
2 - At the second step I defined a Static Route. I set destination to 0.0.0.0/0.0.0.0, interface as set up in the first step (metro_port) and gateway as the ISP provided.
3 - At the third step I inserted a new Policy Route in order to make my computer go out to the internet over metro_port.
4 - I set up a new Firewall Policy, incoming as Lan, outgoing as metro_port, source as my computer's IP address. I selected NAT enabled. To maximize the priority of this policy I dragged it to the first position in the list.
 
Now, unless I unplug or disable my old WAN connections (ADSL modem connections), I cannot use the new WAN connection for internet access. I checked the log tables; it doesn't even use this policy.
 
What am I doing wrong?
#1
lobstercreed
Platinum Member
  • Total Posts : 315
  • Scores: 37
  • Reward points: 0
  • Joined: 2018/11/28 14:57:58
  • Location: Sedalia, MO
  • Status: offline
Re: Adding a new WAN Interface 2020/09/09 04:16:11 (permalink) ☼ Best Answer by lutfucan 2020/09/09 06:01:08
0
Check your routing table (get router info routing-table all) to see if the new static route is even in the table. 
 
In order to use multiple default routes the distance has to be the same (though the priority can be different to determine the path used without policy routing).
#2
lutfucan
Re: Adding a new WAN Interface 2020/09/09 06:05:20 (permalink)
0
I can see the new static route in the routing table, it says:
 
176.xxx.xxx.xxx/30 is directly connected
 
But I am not using multiple static routes, I defined just one static route for this new gateway.
#3
lobstercreed
Re: Adding a new WAN Interface 2020/09/09 06:26:46 (permalink)
0
What kind of default routes are your other WAN connections using then, if not static?  That would be the problem most likely.  ECMP does not work across different types as far as I know, so you'll need to make sure all the routes are the same type and distance to be able to route across different WAN connections simultaneously.
#4
lutfucan
Re: Adding a new WAN Interface 2020/09/10 00:06:19 (permalink)
0
I created static routes for the other WAN interfaces now, configuration attached below.
 
But nothing has changed. Routing table is not showing matching routes with my static route configuration.  
Exclamation warnings say "xxx.xxx.xxx.xxx gateway ip could be unreachable. it is not in any subnet of the interface"
I tried using different priorities as well.
 
At the same time I have policy routes directing internal clients (sources) to specified interfaces. Will these settings affect static routes?

Attached Image(s)

#5
lobstercreed
Re: Adding a new WAN Interface 2020/09/10 02:33:03 (permalink)
0
You still did not answer what kind of default routes your other WAN connections are using.  It sounds like you mis-configured the statics that you just added, so naturally that wouldn't change anything.  If I saw your routing table (result of get router info routing-table all) I would be able to answer this better.
#6
lutfucan
Re: Adding a new WAN Interface 2020/09/10 02:42:07 (permalink)
0
Excuse me. I am not very good with FortiGate, but I configured this years ago. Whether I enter static routes or not, get router info doesn't change. So I deleted the static routes and now router info is:
 
 
Pxxxx # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default

Routing table for VRF=0
S* 0.0.0.0/0 [5/0] via 212.xxx.xxx.217, ppp3, [0/40]
                  [5/0] via 212.xxx.xxx.217, ppp2, [0/30]
                  [5/0] via 212.xxx.xxx.217, ppp1, [0/30]
C 10.0.0.0/24 is directly connected, kablosuz
C 88.xxx.xxx.35/32 is directly connected, ppp3
C 88.xxx.xxx.36/32 is directly connected, ppp2
C 88.xxx.xxx.209/32 is directly connected, ppp1
C 176.xxx.xxx.120/30 is directly connected, port4
C 192.168.0.0/24 is directly connected, lan
C 192.168.2.0/24 is directly connected, port2
C 212..xxx.xxx.217/32 is directly connected, ppp3
                           is directly connected, ppp2
                           is directly connected, ppp1

 
#7
lobstercreed
Re: Adding a new WAN Interface 2020/09/10 03:27:51 (permalink) ☄ Helpful by lutfucan 2020/09/10 04:08:09
5 (1)
Sorry, I was a little out of my depth here.  I don't understand how you can have the 212.xxx.xxx.217 address on 3 different interfaces.  It looks like it should be 88.xxx.xxx.35, 36, or 209 for each different interface.  However, Googling this a bit it sounds like this is a common practice with PPPoE (which I have 0 experience with)...
 
This link may help you.  It's a similar setup to yours I think:  https://kb.fortinet.com/kb/documentLink.do?externalID=FD32573
 
The key as I mentioned originally was that the distance has to be the same between the routes, so you'll need to set a distance of 5 for your new fiber default route.  By default it was 10 (as observed in the screenshot earlier). 
 
This would also explain why nothing changed when you added the other static routes in that screenshot.  They were all using a distance of 10 whereas these dynamic gateways you're getting from PPPoE use a distance of 5 and would exclude the ones with 10 from entering the routing table.
#8
lutfucan
Re: Adding a new WAN Interface 2020/09/10 04:10:35 (permalink)
0
Solved, thanks a lot.
 
I had configured my interfaces as PPPoE and the distances were defined as 5 there. Now I just added a new static route for my new WAN connection with distance 5 and it worked.
#9
Toshi Esumi
Expert Member
  • Total Posts : 2275
  • Scores: 219
  • Reward points: 0
  • Joined: 2014/11/06 09:56:42
  • Status: offline
Re: Adding a new WAN Interface 2020/09/10 08:18:21 (permalink)
0
Next time you have a chance to make changes, consider setting the interface distance, which inserts a static default route when PPPoE or DHCP pulls its IP, to something much larger like 100 or 220. That would make the interface-injected default route lower priority in distance than some routing protocol's routes.
We do this all the time because we use BGP in our network to control even the default route.
#10
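Added example, not part of any post in this thread: a small Python model of the route selection discussed in posts #8 and #10, showing why the distance-10 static route for port4 never entered the routing table next to the distance-5 PPPoE defaults, and what changes when the interface distance is raised to 100. The Route class, the function names, the bgp_if device, the priority values and the BGP distance of 20 are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str
    device: str
    distance: int        # administrative distance: lowest value wins
    priority: int = 0    # tie-break among installed routes (constructed values)
    source: str = "static"

def installed(candidates, prefix="0.0.0.0/0"):
    """Routes for `prefix` that enter the routing table: only the ones that
    share the lowest administrative distance. Higher distances are excluded."""
    pool = [r for r in candidates if r.prefix == prefix]
    if not pool:
        return []
    best = min(r.distance for r in pool)
    winners = [r for r in pool if r.distance == best]
    return sorted(winners, key=lambda r: (r.priority, r.device))

def devices(routes):
    return [r.device for r in routes]

def pppoe_defaults(distance):
    # Constructed: the three PPPoE-injected defaults seen in post #7.
    return [Route("0.0.0.0/0", d, distance, source="pppoe")
            for d in ("ppp1", "ppp2", "ppp3")]

def scenario_before_fix():
    # Static default for the fiber link left at distance 10.
    return devices(installed(pppoe_defaults(5) + [Route("0.0.0.0/0", "port4", 10)]))

def scenario_after_fix():
    # Static default set to distance 5, matching the PPPoE routes.
    return devices(installed(pppoe_defaults(5) + [Route("0.0.0.0/0", "port4", 5)]))

def scenario_high_interface_distance():
    # Post #10: interface distance 100, so a routing-protocol default
    # (assumed distance 20, hypothetical device bgp_if) takes over.
    bgp = Route("0.0.0.0/0", "bgp_if", 20, source="bgp")
    return devices(installed(pppoe_defaults(100) + [bgp]))

if __name__ == "__main__":
    print("distance 10 static:", scenario_before_fix())
    print("distance 5 static: ", scenario_after_fix())
    print("interface dist 100:", scenario_high_interface_distance())
```
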