Solved

fortigate 60 adsl router and load balancing

Posted on 2011-03-25
9
1,952 Views
Last Modified: 2012-05-11
hi,

i was wondering is it possible to load balance on this router?

it had two Wan ports and a dsl ports , i have two wan connections and i was hoping to have all interner traffic (http, https etc) and mail traffic (smtp, imap pop etc) in and out on one connection?
0
Comment
Question by:jonathanduane2010
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
9 Comments
 
LVL 1

Expert Comment

by:warrenkerrigan
ID: 35214661
Yes it is possible. We have run ours in failover mode mostly, but you can setup specific routes that are based on IP ranges or protocols. i.e. send all https & https via WAN1 and all SMTP, POP3 & IMAP through WAN2.

That would mean that you could pick a protocol for generic stuff, but you could also setup all traffic from a specific service (IP range) to come or go through one port.

You can also set priorities in the routing table. So you can say go via WAN2 first...and if that is not available, go through normally.

Fortinet have quite a good knowledge base on their support site http://support.fortinet.com

I hope that helps.
0
 

Author Comment

by:jonathanduane2010
ID: 35215491
ok basically i am having a problem where i have two connections one for dsl and one for wan1

we have setup policies and for wan1 and DSL and say for instance i have setup port 80 to come from wan1 and when i enable that, internet doesnt work but if i actually plug out dsl connection internet will work from wan 1

just doesnt seem to work when trying to get it to work side by side
0
 
LVL 1

Expert Comment

by:warrenkerrigan
ID: 35215812
What priority / distance have you set on the routes? Are they both the same?
0
IoT Devices - Fast, Cheap or Secure…Pick Two

The IoT market is growing at a rapid pace and manufacturers are under pressure to quickly provide new products. Can you be sure that your devices do what they're supposed to do, while still being secure?

 

Author Comment

by:jonathanduane2010
ID: 35215866
no i have set wan1 to 2 and dsl 10
0
 
LVL 1

Expert Comment

by:warrenkerrigan
ID: 35216019
OK so let me get this clear.
You have a route to WAN1 for port 80 with a distance of 2
You have a second route to WAN2 for all other traffic at a distance of 10

Here is the setup I think you should have.
IP Mask               Gateway          Device  Distance
0.0.0.0/0.0.0.0    80.80.80.80*     WAN1   20
0.0.0.0/0.0.0.0    90.90.90.90*     WAN2   10

* Replace with relevant gateway address

That will mean that you are in failover mode. i.e try one and then the other.

No you need to create another rule that overrides those two. Something like

Port         Gateway          Device  Distance
Port 80    80.80.80.80*     WAN1   5

So that the 5 is the first one it tries on port 80. All other traffic will drop to the second route on distance 10 as it is not on port 80. And all traffic will fall to the WAN1 device if the others fail.

One other thing you may have an issue with is Firewall rules or NAT. i.e. you have the right route, but not the right permission on the firewall. Or you have NAT turned on or off for that rule and you need/don't need it.
0
 

Author Comment

by:jonathanduane2010
ID: 35216048
what i really want is more load balancing than failover

so basically i want all http traffic to go out from internal to wan 1

and then i want all other traffic to go out from internal to adsl

cheers
0
 
LVL 1

Expert Comment

by:warrenkerrigan
ID: 35216161
OK, well the same principles work, except that the second two routes need the same distance I believe.

IP Mask               Gateway          Device  Distance
0.0.0.0/0.0.0.0    80.80.80.80*     WAN1   10
0.0.0.0/0.0.0.0    90.90.90.90*     WAN2   10

Port         Gateway          Device  Distance
Port 80    80.80.80.80*     WAN1   5
0
 
LVL 1

Expert Comment

by:warrenkerrigan
ID: 35216312
This might be a useful link. It is all about routing on the Fortigate units.

http://docs.fortinet.com/fgt/handbook/fortigate-dynamic-routing-40-mr1.pdf
0
 
LVL 1

Accepted Solution

by:
warrenkerrigan earned 250 total points
ID: 35216464
OK, it looks like this is what you need. See attached document.

 Fortinet-Knowledge-Base---View-D.pdf
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question