Routing
You need to configure a default route for each interface and indicate which route is preferred by specifying the distance. The lower distance is declared active and placed higher in the routing table.
| When you have dual WAN interfaces that are configured to provide fail over, you might not be able to connect to the backup WAN interface because the FortiGate unit may not route traffic (even responses) out of the backup interface. The FortiGate unit performs a reverse path lookup to prevent spoofed traffic. If no entry can be found in the routing table which sends the return traffic out the same interface, then the incoming traffic is dropped. |
To configure the routing of the two interfaces - web-based manager
1. Go to Router > Static > Static Routes and select Create New Route or IPv6 Route.
For low-end FortiGate units, go to System > Network > Routing and select Create New Route or IPv6 Route.
2. Set the Destination IP/Mask to the address and netmask of 0.0.0.0/0.0.0.0 if it’s an IPv4 route. If it’s an IPv6 route, set Destination IP/Mask to the address and netmask of ::/0
3. Select the Device to the primary connection, WAN1.
4. Enter the Gateway address.
5. Select Advanced.
6. Set the Distance to 10.
7. Select OK.
8. Repeat steps 1 through 7 setting the Device to WAN2 and a Distance of 20.
To configure the IPv4 routing of the two interfaces - CLI
config router static
edit 1
set dst 0.0.0.0 0.0.0.0
set device WAN1
set gateway <gateway_address>
set distance 10
next
edit 1
set dst 0.0.0.0 0.0.0.0
set device WAN2
set gateway <gateway_address>
set distance 20
next
end
To configure the IPv6 routing of the two interfaces - CLI
config router static6
edit 1
set dst ::/0
set device WAN1
set gateway <gateway_address>
set distance 10
next
edit 1
set dst ::/0
set device WAN2
set gateway <gateway_address>
set distance 20
next
end
See Also