SD WAN and NAT Problem

  • 1.  SD WAN and NAT Problem

     
    Posted 22 days ago
    Hi All,

    My FortiGate is a 200D, and the software version is FGT_200D-v6-build0163. I have a problem. I am using my backup firewall for the snapshots in order to show my problem; our business is 24/7, so I can't make any changes on the firewall that is running. Our office has two dedicated Internet lines. I want to use the primary link and, if the primary link is at fault, switch over to the backup line. For some reason, we don't use the interface IP as the NAT IP address.
    I configured it to use our primary link.


    We don't use the interface as the NAT IP.

    After I finished the configuration, some of our computers went through our backup line and used the Internet IP 180.1.1.3.
    I tried a policy route to make all hosts from 10.16.180.0/24 go through our primary link, but some of the computers still went through our backup link.
    Next, I deleted the policy route and changed the firewall policy as in the picture below.

    All of our computers go through our primary link. I tried disconnecting our primary link; after that, all of our computers were disconnected from the Internet, and the firewall couldn't switch over to the backup line.

    ------------------------------
    Fred [LastName] [Designation]
    Network Engineer
    [CompanyName]
    [City] [State]
    [Phone]
    ------------------------------


  • 2.  RE: SD WAN and NAT Problem

     
    Posted 22 days ago
    Dear,

    I think your problem here is that you are using IP Pools with SD-WAN. FortiGate always chooses the first IP Pool to get to the internet, so the issue is with the FortiGate trying to get through wan2 with the IP Pool of wan1.
    If IP Pools are a must in your configuration, you should switch to manual ECMP load balancing and not use SD-WAN.

    Regards

    ------------------------------
    Rony Moussa
    Fortinet NSE Certified: Level 8
    ------------------------------



  • 3.  RE: SD WAN and NAT Problem

     
    Posted 21 days ago
    Hi Rony,

    Thank you. I can't find ECMP load balancing in FortiOS 6.0. Should I downgrade the FortiOS version of our firewalls?

    ------------------------------
    Fred [LastName] [Designation]
    Network Engineer
    [CompanyName]
    [City] [State]
    [Phone]
    ------------------------------



  • 4.  RE: SD WAN and NAT Problem

     
    Posted 19 days ago
    Hi,

    It's configurable via the CLI only.

    Advanced static routing example: ECMP failover and load balancing


    Regards

    ------------------------------
    Rony Moussa
    Fortinet NSE Certified: Level 8
    ------------------------------