Solved

fortigate 60 adsl router and load balancing

Posted on 2011-03-25
Last Modified: 2012-05-11
hi,

i was wondering is it possible to load balance on this router?

it had two Wan ports and a dsl port, i have two wan connections and i was hoping to have all internet traffic (http, https etc) and mail traffic (smtp, imap pop etc) in and out on one connection?
Question by:jonathanduane2010
9 Comments
 
LVL 1

Expert Comment

by:warrenkerrigan
ID: 35214661
Yes it is possible. We have run ours in failover mode mostly, but you can set up specific routes that are based on IP ranges or protocols, i.e. send all http & https via WAN1 and all SMTP, POP3 & IMAP through WAN2.

That would mean that you could pick a protocol for generic stuff, but you could also set up all traffic from a specific service (IP range) to come or go through one port.

You can also set priorities in the routing table. So you can say go via WAN2 first...and if that is not available, go through normally.

Fortinet have quite a good knowledge base on their support site http://support.fortinet.com

I hope that helps.
0
 

Author Comment

by:jonathanduane2010
ID: 35215491
ok basically i am having a problem where i have two connections one for dsl and one for wan1

we have set up policies for wan1 and DSL and say for instance i have set up port 80 to come from wan1 and when i enable that, internet doesn't work but if i actually plug out dsl connection internet will work from wan 1

just doesn't seem to work when trying to get it to work side by side
0
 
LVL 1

Expert Comment

by:warrenkerrigan
ID: 35215812
What priority / distance have you set on the routes? Are they both the same?
0

Author Comment

by:jonathanduane2010
ID: 35215866
no i have set wan1 to 2 and dsl 10
0
 
LVL 1

Expert Comment

by:warrenkerrigan
ID: 35216019
OK so let me get this clear.
You have a route to WAN1 for port 80 with a distance of 2
You have a second route to WAN2 for all other traffic at a distance of 10

Here is the setup I think you should have.
IP Mask            Gateway         Device  Distance
0.0.0.0/0.0.0.0    80.80.80.80*    WAN1    20
0.0.0.0/0.0.0.0    90.90.90.90*    WAN2    10

* Replace with relevant gateway address

That will mean that you are in failover mode. i.e try one and then the other.

Now you need to create another rule that overrides those two. Something like

Port       Gateway         Device  Distance
Port 80    80.80.80.80*    WAN1    5

So that the 5 is the first one it tries on port 80. All other traffic will drop to the second route on distance 10 as it is not on port 80. And all traffic will fall to the WAN1 device if the others fail.

One other thing you may have an issue with is Firewall rules or NAT. i.e. you have the right route, but not the right permission on the firewall. Or you have NAT turned on or off for that rule and you need/don't need it.
0
 

Author Comment

by:jonathanduane2010
ID: 35216048
what i really want is more load balancing than failover

so basically i want all http traffic to go out from internal to wan 1

and then i want all other traffic to go out from internal to adsl

cheers
0
 
LVL 1

Expert Comment

by:warrenkerrigan
ID: 35216161
OK, well the same principles work, except that the second two routes need the same distance I believe.

IP Mask            Gateway         Device  Distance
0.0.0.0/0.0.0.0    80.80.80.80*    WAN1    10
0.0.0.0/0.0.0.0    90.90.90.90*    WAN2    10

Port       Gateway         Device  Distance
Port 80    80.80.80.80*    WAN1    5
0
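
The routing layout from the answer above, written as FortiOS CLI (an added example, not posted by either participant): two equal-distance default routes plus a policy route that sends TCP port 80 from the internal interface out WAN1. Assumptions: FortiOS 4.0-style syntax, interface names internal, wan1 and wan2 (substitute the ADSL interface for wan2 where the second link is the DSL port), and the thread's placeholder gateways; the answer's "distance 5" has no counterpart here because policy routes are matched before the routing table rather than ranked by distance. Lines starting with # are annotations, not CLI input.

```fortios
# Two default routes with the same distance, so both stay in the routing table.
# Gateways are the thread's placeholders; replace with the real next hops.
config router static
    edit 1
        set dst 0.0.0.0 0.0.0.0
        set gateway 80.80.80.80
        set device "wan1"
        set distance 10
    next
    edit 2
        set dst 0.0.0.0 0.0.0.0
        set gateway 90.90.90.90
        set device "wan2"
        set distance 10
    next
end

# Policy route: TCP (protocol 6) to destination port 80 arriving on
# "internal" is forwarded via the WAN1 gateway. Everything else falls
# through to the static routes above.
config router policy
    edit 1
        set input-device "internal"
        set src 0.0.0.0 0.0.0.0
        set dst 0.0.0.0 0.0.0.0
        set protocol 6
        set start-port 80
        set end-port 80
        set gateway 80.80.80.80
        set output-device "wan1"
    next
end
```

Each outbound path still needs its own firewall policy (internal to wan1, internal to wan2) with NAT set as required, which is the other point raised earlier in the thread.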
 
LVL 1

Expert Comment

by:warrenkerrigan
ID: 35216312
This might be a useful link. It is all about routing on the Fortigate units.

http://docs.fortinet.com/fgt/handbook/fortigate-dynamic-routing-40-mr1.pdf
0
 
LVL 1

Accepted Solution

by:
warrenkerrigan earned 1000 total points
ID: 35216464
OK, it looks like this is what you need. See attached document.

 Fortinet-Knowledge-Base---View-D.pdf
0
