
Using A Virtual WAN Link For Redundant Internet Connections

This document describes how to create a virtual WAN link on a FortiGate unit to provide redundant internet connections from two ISPs. It involves connecting the two ISPs to the FortiGate, deleting existing policies and routes, creating the virtual WAN link with weighted load balancing to prioritize one ISP, creating a default route for the virtual WAN link, allowing internal network traffic to the virtual WAN link, and viewing traffic logs to confirm it is load balancing across the two connections.

Uploaded by

Wilmer Costas

Using a virtual WAN link for redundant Internet connections
In this example, you will create a virtual WAN link that provides your FortiGate unit with
redundant Internet connections from two Internet service providers (ISPs). The virtual WAN
link combines these two connections into a single interface.
This example includes weighted load balancing so that most of your Internet traffic is
handled by one ISP.

1. Connecting your ISPs to the FortiGate
2. Deleting security policies and routes that use WAN1 or WAN2
3. Creating a virtual WAN link
4. Creating a default route for the virtual WAN link
5. Allowing traffic from the internal network to the virtual WAN link
6. Results

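[Figure: network diagram. The Internal Network connects to the FortiGate; WAN 1 connects to ISP 1 and WAN 2 connects to ISP 2; both connections form the Virtual WAN Link to the Internet.]
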
1. Connecting your ISPs to the FortiGate

Connect your ISP devices to your FortiGate so that the ISP you wish to use for most traffic is connected to WAN1 and the other connects to WAN2.

[Figure: ISP 1 connected to WAN 1 and ISP 2 connected to WAN 2 on the FortiGate.]

2. Deleting security policies and routes that use WAN1 or WAN2

You will not be able to add an interface to the virtual WAN link if it is already used in the FortiGate's configuration, so you must delete any policies or routes that use either WAN1 or WAN2.

Many FortiGate models include a default Internet access policy that uses WAN1. This policy must also be deleted.

Go to Policy & Objects > Policy > IPv4 and delete any policies that use WAN1 or WAN2.

After you remove these policies, traffic will no longer be able to reach WAN1 or WAN2 through the FortiGate.

Go to Router > Static > Static Routes and delete any routes that use WAN1 or WAN2.

3. Creating a virtual WAN link

Go to System > Network > Interfaces and select Create New > Virtual WAN.

Set WAN Load Balancing to Weighted Round Robin. This will allow you to prioritize the WAN1 interface so that more traffic uses it.

Add WAN1 to the list of Interface Members, set Weight to 3, and set it to use the Gateway IP provided by your ISP.

Do the same for WAN2, but instead set Weight to 1.

The weight settings will cause 75% of traffic to use WAN1, with the remaining 25% using WAN2.

4. Creating a default route for the virtual WAN link

Go to Router > Static > Static Routes and create a new default route.

Set Device to the virtual WAN link.

5. Allowing traffic from the internal network to the virtual WAN link

Go to Policy & Objects > Policy > IPv4 and create a new policy.

Set Incoming Interface to your internal network's interface and set Outgoing Interface to the virtual WAN link.

Turn on NAT.

Scroll down to view the Logging Options. To view the results later, turn on Log Allowed Traffic and select All Sessions.

6. Results

Browse the Internet using a PC on the internal network and then go to System > FortiView > All Sessions.

Ensure that the Dst Interface column is visible in the traffic log. If it is not shown, right-click on the title row and select Dst Interface from the dropdown menu. Scroll to the bottom of the menu and select Apply.

The log shows traffic flowing through both WAN1 and WAN2.

Disconnect the WAN1 port, continue to browse the Internet, and refresh the traffic log. All traffic is now flowing through WAN2, until you reconnect WAN1.
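
One way to run the Results check against exported traffic logs rather than by eye, as an added example that is not part of the original document: it counts sessions per dstintf and compares the split with the 3:1 weights from step 3. The log lines are constructed samples, and the lowercase interface names wan1/wan2 and the 0.15 tolerance are assumptions.

```python
import re
from collections import Counter

# Weights from step 3 of this page. The lowercase interface names are an
# assumption about how the members appear in the log's dstintf field.
WEIGHTS = {"wan1": 3, "wan2": 1}
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_line(line):
    """Split one key=value log line into a dict, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV.findall(line)}

def member_share(lines, weights=WEIGHTS):
    """Return {interface: (observed_share, expected_share)} for traffic logs."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec.get("type") == "traffic" and rec.get("dstintf") in weights:
            counts[rec["dstintf"]] += 1
    total, wsum = sum(counts.values()), sum(weights.values())
    return {i: (counts[i] / total if total else 0.0, w / wsum)
            for i, w in weights.items()}

def assess(lines, weights=WEIGHTS, tolerance=0.15):
    """Classify the split; tolerance (an assumed value) absorbs sampling noise."""
    shares = member_share(lines, weights)
    idle = sorted(i for i, (obs, _) in shares.items() if obs == 0.0)
    if len(idle) == len(weights):
        return "no-traffic", idle
    if idle:  # a member carried no sessions, as when WAN1 is unplugged
        return "failover", idle
    skewed = sorted(i for i, (obs, exp) in shares.items()
                    if abs(obs - exp) > tolerance)
    return ("skewed", skewed) if skewed else ("balanced", [])

def sample(dst, n):
    """Build n constructed log lines (not real FortiGate output) for one member."""
    return [f'date=2015-01-01 time=10:00:{i:02d} type=traffic subtype=forward '
            f'srcip=192.0.2.10 srcintf="internal" dstintf="{dst}" action=accept'
            for i in range(n)]

NORMAL = sample("wan1", 6) + sample("wan2", 2)   # both links up
FAILOVER = sample("wan2", 8)                     # WAN1 disconnected

if __name__ == "__main__":
    for name, logs in (("normal", NORMAL), ("failover", FAILOVER)):
        print(name, assess(logs), member_share(logs))
```

A "failover" result outside a planned test means one ISP link is carrying everything and the redundancy this setup provides is currently gone.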
