In this article, I show you how to connect two WAN links with a FortiGate firewall. Connect the Internet-facing ports on the FortiGate to your ISP devices.
Connect WAN1 to the ISP that you want to use for most traffic, and connect WAN2 to the other ISP. If this step is not configured, there are only 2 modes on the interface: Static and DHCP.
First, create PPPoE dial-up profiles for the WAN ports on the FortiGate device.
Go to Network -> Select Interface -> Select the interface you want as a WAN port to dial the PPPoE.
Role: Choose WAN
Address: Choose PPPoE
Username and Password: Enter username and password provided by your carrier
Do the same on the WAN2 port (port2).
Then, configure port4.
Create the SD-WAN interface
Go to "Network" -> "SD-WAN Interfaces", click "Create New" button.
Under SD-WAN Interface Members, select "WAN1". Set the Gateway to "Dynamic".
Repeat these steps to add "WAN2".
Go to Network > Interfaces and verify that the virtual interface for SD-WAN appears in the interface list.
Configure SD-WAN load balancing
Go to Network > SD-WAN Rules. In the Load Balancing Algorithm field, select Volume, and prioritize WAN1 to serve more traffic.
For example, the ISP connected to WAN1 is an 800Mb link, and the ISP connected to WAN2 is a 200Mb link, so we balance the weight 80% to 20% in favor of WAN1.
Create a static route for the SD-WAN interface
Go to Network > Static Routes and create a new route.
In the Interface field, select the SD-WAN interface from the drop-down list.
Ensure that Status is set to Enable.
Configure a security policy
Configure a security policy that allows traffic from your organization's internal network to the SD-WAN interface.
Set Incoming Interface to the interface that connects to your organization's internal network and set Outgoing Interface to the SD-WAN interface.
Set Source, Destination Address, Schedule, and Services to all.
Make sure the Action is set to ACCEPT.
Turn on NAT.
Enable Log Allowed Traffic for All Sessions to allow you to verify the results later.
You can now browse the Internet using any computer that connects to the FortiGate's internal interface.
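One way to check the result of the policy steps above from a configuration backup, as an added example that is not part of the original article: the script parses the "config firewall policy" section and reports every policy toward the SD-WAN interface whose action, NAT or logging setting differs from those steps. The sample configuration and the interface names port3, port4 and virtual-wan-link are constructed assumptions.

```python
import shlex

# Constructed sample of the "config firewall policy" section of a configuration
# backup. Interface names (port4, port3, virtual-wan-link) are assumptions.
SAMPLE_CONFIG = '''
config firewall policy
    edit 1
        set srcintf "port4"
        set dstintf "virtual-wan-link"
        set action accept
        set logtraffic all
        set nat enable
    next
    edit 2
        set srcintf "port3"
        set dstintf "virtual-wan-link"
        set action accept
        set logtraffic utm
    next
end
'''

# Settings the policy steps above call for: ACCEPT, NAT on, log all sessions.
EXPECTED = {"action": ["accept"], "nat": ["enable"], "logtraffic": ["all"]}

def parse_policies(text):
    """Return {policy_id: {setting: [values]}} for the firewall policy section."""
    policies, current, in_section = {}, None, False
    for line in text.splitlines():
        tok = shlex.split(line)  # handles the double-quoted values
        if tok[:3] == ["config", "firewall", "policy"]:
            in_section = True
        elif in_section and tok[:1] == ["edit"]:
            current = policies.setdefault(int(tok[1]), {})
        elif in_section and tok[:1] == ["set"] and current is not None:
            current[tok[1]] = tok[2:]
        elif in_section and tok[:1] == ["next"]:
            current = None
        elif in_section and tok[:1] == ["end"] and current is None:
            in_section = False
    return policies

def audit(policies, sdwan_intf):
    """List (policy_id, setting, actual) where an SD-WAN policy differs from EXPECTED."""
    findings = []
    for pid, cfg in sorted(policies.items()):
        if sdwan_intf in cfg.get("dstintf", []):
            findings += [(pid, k, cfg.get(k)) for k, v in EXPECTED.items() if cfg.get(k) != v]
    return findings
```

Call `audit(parse_policies(SAMPLE_CONFIG), "virtual-wan-link")` to get the findings; a setting that does not appear in the backup is reported as None.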
Configure link health monitoring
You can configure link health monitoring to verify the health and status of the links that make up the SD-WAN link.
Go to Network > Performance SLA and create a new performance SLA.
In the Server fields, enter the IP addresses of up to two servers that you want to use to test the health of each SD-WAN member interface.
In the Participants field, select the SD-WAN interface members that you want the health check to apply to.