Chapter 2 Advanced Routing for FortiOS 5.0 : Border Gateway Protocol (BGP) : Dual-homed BGP example : Configuring the FortiGate unit : Configure interfaces and default routes
  
Configure interfaces and default routes
The FortiGate unit is connected to three networks — Company Network on the internal interface, ISP1 Network on external1interface, and ISP2 on external2 interface.
This example uses basic interface settings. Check with your ISP to determine if additional settings are required such as setting the maximum MTU size, or if gateway detection is supported.
High end FortiGate units do not have interfaces labeled Internal, or External. Instead, for clarity’s sake, we are using the alias feature to name interfaces for these roles.
Default routes to both external interfaces are configured here as well. Both are needed in case one goes offline. ISP1 is the primary connection and has a smaller administrative distance so it will be preferred over ISP2. Both distances are set low so they will be preferred over any learned routes.
To configure the FortiGate interfaces - web-based manager
1. Go to System > Network > Interface.
2. Edit port 1 (internal) interface.
3. Set the following information, and select OK.
Alias
internal
IP/Netmask
10.11.101.110/255.255.255.0
Administrative Access
HTTPS SSH PING
Description
Company internal network
Administrative Status
Up
4. Edit port 2 (external1) interface.
5. Set the following information, and select OK.
Alias
external1
IP/Netmask
172.21.111.5/255.255.255.0
Administrative Access
HTTPS SSH PING
Description
ISP1 External BGP network
Administrative Status
Up
6. Edit port 3 (external2) interface.
7. Set the following information, and select OK.
Alias
external2
IP/Netmask
172.22.222.5/255.255.255.0
Administrative Access
HTTPS SSH PING
Description
ISP2 External BGP network
Administrative Status
Up
To configure the FortiGate interfaces - CLI
config system interface
edit port1
set alias internal
set ip 10.11.101.110 255.255.255.0
set allowaccess http https ssh
set description “Company internal network”
set status up
next
edit port2
set alias external1
set ip 172.21.111.5 255.255.255.0
set allowaccess https ssh
set description “ISP1 External BGP network”
set status up
next
edit port3
set alias external2
set ip 172.22.222.5 255.255.255.0
set allowaccess https ssh
set description “ISP2 External BGP network”
set status up
next
end
To configure default routes for both ISPs - web-based manager
1. Go to Router > Static > Static Routes.
2. Delete any existing routes with a IP/Mask of address of 0.0.0.0/0.0.0.0
3. Select Create New, and set the following information.
Destination IP/Mask
0.0.0.0/0.0.0.0
Device
port2
Gateway
172.21.111.5
Distance
10
4. Select OK.
5. Select Create New, and set the following information.
Destination IP/Mask
0.0.0.0/0.0.0.0
Device
port3
Gateway
172.22.222.5
Distance
15
6. Select OK.
To configure default routes for both ISPs - CLI
config router static
edit 1
set device "port2"
set distance 10
set gateway 172.21.111.5
next
edit 2
set device "port3"
set distance 15
set gateway 172.22.222.5
next
end