Solved

fortigate 60 adsl router and load balancing

Posted on 2011-03-25
9
1,923 Views
Last Modified: 2012-05-11
hi,

i was wondering is it possible to load balance on this router?

it had two Wan ports and a dsl ports , i have two wan connections and i was hoping to have all interner traffic (http, https etc) and mail traffic (smtp, imap pop etc) in and out on one connection?
0
Comment
Question by:jonathanduane2010
  • 6
  • 3
9 Comments
 
LVL 1

Expert Comment

by:warrenkerrigan
Comment Utility
Yes it is possible. We have run ours in failover mode mostly, but you can setup specific routes that are based on IP ranges or protocols. i.e. send all https & https via WAN1 and all SMTP, POP3 & IMAP through WAN2.

That would mean that you could pick a protocol for generic stuff, but you could also setup all traffic from a specific service (IP range) to come or go through one port.

You can also set priorities in the routing table. So you can say go via WAN2 first...and if that is not available, go through normally.

Fortinet have quite a good knowledge base on their support site http://support.fortinet.com

I hope that helps.
0
 

Author Comment

by:jonathanduane2010
Comment Utility
ok basically i am having a problem where i have two connections one for dsl and one for wan1

we have setup policies and for wan1 and DSL and say for instance i have setup port 80 to come from wan1 and when i enable that, internet doesnt work but if i actually plug out dsl connection internet will work from wan 1

just doesnt seem to work when trying to get it to work side by side
0
 
LVL 1

Expert Comment

by:warrenkerrigan
Comment Utility
What priority / distance have you set on the routes? Are they both the same?
0
 

Author Comment

by:jonathanduane2010
Comment Utility
no i have set wan1 to 2 and dsl 10
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 1

Expert Comment

by:warrenkerrigan
Comment Utility
OK so let me get this clear.
You have a route to WAN1 for port 80 with a distance of 2
You have a second route to WAN2 for all other traffic at a distance of 10

Here is the setup I think you should have.
IP Mask               Gateway          Device  Distance
0.0.0.0/0.0.0.0    80.80.80.80*     WAN1   20
0.0.0.0/0.0.0.0    90.90.90.90*     WAN2   10

* Replace with relevant gateway address

That will mean that you are in failover mode. i.e try one and then the other.

No you need to create another rule that overrides those two. Something like

Port         Gateway          Device  Distance
Port 80    80.80.80.80*     WAN1   5

So that the 5 is the first one it tries on port 80. All other traffic will drop to the second route on distance 10 as it is not on port 80. And all traffic will fall to the WAN1 device if the others fail.

One other thing you may have an issue with is Firewall rules or NAT. i.e. you have the right route, but not the right permission on the firewall. Or you have NAT turned on or off for that rule and you need/don't need it.
0
 

Author Comment

by:jonathanduane2010
Comment Utility
what i really want is more load balancing than failover

so basically i want all http traffic to go out from internal to wan 1

and then i want all other traffic to go out from internal to adsl

cheers
0
 
LVL 1

Expert Comment

by:warrenkerrigan
Comment Utility
OK, well the same principles work, except that the second two routes need the same distance I believe.

IP Mask               Gateway          Device  Distance
0.0.0.0/0.0.0.0    80.80.80.80*     WAN1   10
0.0.0.0/0.0.0.0    90.90.90.90*     WAN2   10

Port         Gateway          Device  Distance
Port 80    80.80.80.80*     WAN1   5
0
 
LVL 1

Expert Comment

by:warrenkerrigan
Comment Utility
This might be a useful link. It is all about routing on the Fortigate units.

http://docs.fortinet.com/fgt/handbook/fortigate-dynamic-routing-40-mr1.pdf
0
 
LVL 1

Accepted Solution

by:
warrenkerrigan earned 250 total points
Comment Utility
OK, it looks like this is what you need. See attached document.

 Fortinet-Knowledge-Base---View-D.pdf
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now