Solved

fortigate 60 adsl router and load balancing

Posted on 2011-03-25
9
1,930 Views
Last Modified: 2012-05-11
hi,

i was wondering is it possible to load balance on this router?

it had two Wan ports and a dsl ports , i have two wan connections and i was hoping to have all interner traffic (http, https etc) and mail traffic (smtp, imap pop etc) in and out on one connection?
0
Comment
Question by:jonathanduane2010
  • 6
  • 3
9 Comments
 
LVL 1

Expert Comment

by:warrenkerrigan
ID: 35214661
Yes it is possible. We have run ours in failover mode mostly, but you can setup specific routes that are based on IP ranges or protocols. i.e. send all https & https via WAN1 and all SMTP, POP3 & IMAP through WAN2.

That would mean that you could pick a protocol for generic stuff, but you could also setup all traffic from a specific service (IP range) to come or go through one port.

You can also set priorities in the routing table. So you can say go via WAN2 first...and if that is not available, go through normally.

Fortinet have quite a good knowledge base on their support site http://support.fortinet.com

I hope that helps.
0
 

Author Comment

by:jonathanduane2010
ID: 35215491
ok basically i am having a problem where i have two connections one for dsl and one for wan1

we have setup policies and for wan1 and DSL and say for instance i have setup port 80 to come from wan1 and when i enable that, internet doesnt work but if i actually plug out dsl connection internet will work from wan 1

just doesnt seem to work when trying to get it to work side by side
0
 
LVL 1

Expert Comment

by:warrenkerrigan
ID: 35215812
What priority / distance have you set on the routes? Are they both the same?
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 

Author Comment

by:jonathanduane2010
ID: 35215866
no i have set wan1 to 2 and dsl 10
0
 
LVL 1

Expert Comment

by:warrenkerrigan
ID: 35216019
OK so let me get this clear.
You have a route to WAN1 for port 80 with a distance of 2
You have a second route to WAN2 for all other traffic at a distance of 10

Here is the setup I think you should have.
IP Mask               Gateway          Device  Distance
0.0.0.0/0.0.0.0    80.80.80.80*     WAN1   20
0.0.0.0/0.0.0.0    90.90.90.90*     WAN2   10

* Replace with relevant gateway address

That will mean that you are in failover mode. i.e try one and then the other.

No you need to create another rule that overrides those two. Something like

Port         Gateway          Device  Distance
Port 80    80.80.80.80*     WAN1   5

So that the 5 is the first one it tries on port 80. All other traffic will drop to the second route on distance 10 as it is not on port 80. And all traffic will fall to the WAN1 device if the others fail.

One other thing you may have an issue with is Firewall rules or NAT. i.e. you have the right route, but not the right permission on the firewall. Or you have NAT turned on or off for that rule and you need/don't need it.
0
 

Author Comment

by:jonathanduane2010
ID: 35216048
what i really want is more load balancing than failover

so basically i want all http traffic to go out from internal to wan 1

and then i want all other traffic to go out from internal to adsl

cheers
0
 
LVL 1

Expert Comment

by:warrenkerrigan
ID: 35216161
OK, well the same principles work, except that the second two routes need the same distance I believe.

IP Mask               Gateway          Device  Distance
0.0.0.0/0.0.0.0    80.80.80.80*     WAN1   10
0.0.0.0/0.0.0.0    90.90.90.90*     WAN2   10

Port         Gateway          Device  Distance
Port 80    80.80.80.80*     WAN1   5
0
 
LVL 1

Expert Comment

by:warrenkerrigan
ID: 35216312
This might be a useful link. It is all about routing on the Fortigate units.

http://docs.fortinet.com/fgt/handbook/fortigate-dynamic-routing-40-mr1.pdf
0
 
LVL 1

Accepted Solution

by:
warrenkerrigan earned 250 total points
ID: 35216464
OK, it looks like this is what you need. See attached document.

 Fortinet-Knowledge-Base---View-D.pdf
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

778 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question