- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Add ISP to WAN2 (FortiGate 60E)
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Add ISP to WAN2 (FortiGate 60E)
Hi all,
im new in fortigate currently we use fortigate 60e and inside already config use wan1 from ISP setup by previous people, now the company just purchase new ISP from different ISP which is i need to add at WAN2 but after i follow the cookbook config i unable to connect the internet for wan2. can some one help me how can i config wan2?
in picture i already remove back the config
reference basic config:
https://docs.fortinet.com...ecting-network-devices
11 REPLIES 11
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, and welcome to the forums You have to configure Wan2 accordingly to your new ISP settings (IP, Subnet) and you have to change the default route to the new (ISP) gateway. But be carefull, this will break your wan1 internet access and any policy that is going to wan1. What is the plan, to use both ISPs in the future? If so, maybe SD-WAN https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/19246/sd-wan is an option for you. Anyhow, you have to change the config and policies anyway. For testing wan2 after you have setting up correctly, you can configure a route to a specific URi or host, let's say google.ch, make a policy and check if you can reach. For smooth migration, you can copy paste all the policies going to wan1 and change them to wan2 (having all then twice -> internal -> wan1 | internal -> wan2). Then you change the default route. If anything is working fine over wan2, you can delete the wan1 policies. Otherwise you change back the default route and you are fast back with internet access. You can also save a config backup and change all wan1 policies to wan2 with a text editor and upload the config. But this is not the best way if your box is in production. It will reboot the box and if there is some mistake, you probaly will break the access and/or your inet access.
________________________________________________________
--- NSE 4 ---
________________________________________________________
________________________________________________________--- NSE 4
---________________________________________________________
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi thanks for reply so to compromise ur explanation that means i need to do like this
after i finish this step
https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/428376/configuring-interfaces
all the thing i need to do is routing and policy setting, and for internal setting is internal LAN right must create and assign ip for both diffrent ip?
INTERNAL -> WAN1
INTERNAL -> WAN2
after finish testing both connection then only i can start config for redundancy right?
Regards & Thanks
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi markus thanks for explanation last time i have sucefully point wan2 isp to fortigate 60e, but it still using wan1 as main internet unless wan1 down it will switch to wan2.
so here wan2 is backup unless i create wan load-balancing as you said before only then it will use both isp.
so next step is to create wan laod-balancing as i have to delete the routing and ipv4 policy then create new.
thanks again
regards
noor
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Noor
Yes, if you want to loadbalance over 2 ISPs, this is the "simpelst" way to do.
Best,
Markus
________________________________________________________
--- NSE 4 ---
________________________________________________________
________________________________________________________--- NSE 4
---________________________________________________________
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi markus.
my problem is resolve now the internet has been sharing for both ISP.
for the rest lan port what the use ya?
can i setup the lan port as gateway?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, this is correct...
________________________________________________________
--- NSE 4 ---
________________________________________________________
________________________________________________________--- NSE 4
---________________________________________________________
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
no, you just use your "internal" as already setup (just named it iternal, maybe you have another naming)
________________________________________________________
--- NSE 4 ---
________________________________________________________
________________________________________________________--- NSE 4
---________________________________________________________
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
no, you just use your "internal" as already setup (just named it iternal, maybe you have another naming)
________________________________________________________
--- NSE 4 ---
________________________________________________________
________________________________________________________--- NSE 4
---________________________________________________________
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hai markus.
do i have to create internal lan for wan2 also ?
as i test using wan2 using internal port lan1&2 which is previous setup from another isp(wan1) can get internet.
Related Posts
Labels
-
FortiGate
6,459 -
FortiClient
1,290 -
5.2
801 -
5.4
639 -
FortiManager
562 -
6.0
416 -
FortiAnalyzer
411 -
5.6
362 -
FortiSwitch
331 -
FortiAP
327 -
FortiClient EMS
259 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
148 -
6.4
128 -
FortiNAC
103 -
FortiGuard
102 -
FortiGateCloud
86 -
FortiSIEM
85 -
FortiCloud Products
82 -
FortiToken
69 -
Customer Service
69 -
IPsec
68 -
4.0MR3
64 -
Wireless Controller
58 -
SSL-VPN
54 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
38 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
30 -
FortiSwitch v6.4
28 -
FortiConnect
23 -
SD-WAN
23 -
FortiWAN
22 -
High Availability
21 -
FortiConverter
21 -
Firewall policy
20 -
VLAN
18 -
FortiPortal
17 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
FortiDDoS
13 -
Routing
12 -
FortiCASB
12 -
SAML
11 -
BGP
11 -
DNS
11 -
Interface
11 -
FortiGate v5.0
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
Logging
9 -
RADIUS
8 -
Traffic shaping
8 -
Virtual IP
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
NAT
7 -
FortiAuthenticator
7 -
Admin
7 -
FortiGate v4.0 MR3
7 -
4.0
7 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
SSID
5 -
Security profile
5 -
Traffic shaping policy
5 -
Authentication
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
Static route
5 -
FortiManager v4.0
5 -
FortiDirector
4 -
SSL SSH inspection
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
packet capture
3 -
FortiToken Cloud
3 -
Automation
3 -
Intrusion prevention
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
IPS signature
3 -
FortiDeceptor
2 -
FortiInsight
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
Web profile
2 -
FortiAP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
NAC policy
1 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
Application signature
1 -
Authentication rule and scheme
1 -
Multicast routing
1 -
Zone
1 -
FortiManager-VM
1 -
Fabric connector
1 -
Internet Service Database
1 -
Fortinet Engage Partner Program
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.