Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

fortigate 60 adsl router and load balancing

Posted on 2011-03-25
9
Medium Priority
?
1,977 Views
Last Modified: 2012-05-11
hi,

i was wondering is it possible to load balance on this router?

it had two Wan ports and a dsl ports , i have two wan connections and i was hoping to have all interner traffic (http, https etc) and mail traffic (smtp, imap pop etc) in and out on one connection?
0
Comment
Question by:jonathanduane2010
  • 6
  • 3
9 Comments
 
LVL 1

Expert Comment

by:warrenkerrigan
ID: 35214661
Yes it is possible. We have run ours in failover mode mostly, but you can setup specific routes that are based on IP ranges or protocols. i.e. send all https & https via WAN1 and all SMTP, POP3 & IMAP through WAN2.

That would mean that you could pick a protocol for generic stuff, but you could also setup all traffic from a specific service (IP range) to come or go through one port.

You can also set priorities in the routing table. So you can say go via WAN2 first...and if that is not available, go through normally.

Fortinet have quite a good knowledge base on their support site http://support.fortinet.com

I hope that helps.
0
 

Author Comment

by:jonathanduane2010
ID: 35215491
ok basically i am having a problem where i have two connections one for dsl and one for wan1

we have setup policies and for wan1 and DSL and say for instance i have setup port 80 to come from wan1 and when i enable that, internet doesnt work but if i actually plug out dsl connection internet will work from wan 1

just doesnt seem to work when trying to get it to work side by side
0
 
LVL 1

Expert Comment

by:warrenkerrigan
ID: 35215812
What priority / distance have you set on the routes? Are they both the same?
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 

Author Comment

by:jonathanduane2010
ID: 35215866
no i have set wan1 to 2 and dsl 10
0
 
LVL 1

Expert Comment

by:warrenkerrigan
ID: 35216019
OK so let me get this clear.
You have a route to WAN1 for port 80 with a distance of 2
You have a second route to WAN2 for all other traffic at a distance of 10

Here is the setup I think you should have.
IP Mask               Gateway          Device  Distance
0.0.0.0/0.0.0.0    80.80.80.80*     WAN1   20
0.0.0.0/0.0.0.0    90.90.90.90*     WAN2   10

* Replace with relevant gateway address

That will mean that you are in failover mode. i.e try one and then the other.

No you need to create another rule that overrides those two. Something like

Port         Gateway          Device  Distance
Port 80    80.80.80.80*     WAN1   5

So that the 5 is the first one it tries on port 80. All other traffic will drop to the second route on distance 10 as it is not on port 80. And all traffic will fall to the WAN1 device if the others fail.

One other thing you may have an issue with is Firewall rules or NAT. i.e. you have the right route, but not the right permission on the firewall. Or you have NAT turned on or off for that rule and you need/don't need it.
0
 

Author Comment

by:jonathanduane2010
ID: 35216048
what i really want is more load balancing than failover

so basically i want all http traffic to go out from internal to wan 1

and then i want all other traffic to go out from internal to adsl

cheers
0
 
LVL 1

Expert Comment

by:warrenkerrigan
ID: 35216161
OK, well the same principles work, except that the second two routes need the same distance I believe.

IP Mask               Gateway          Device  Distance
0.0.0.0/0.0.0.0    80.80.80.80*     WAN1   10
0.0.0.0/0.0.0.0    90.90.90.90*     WAN2   10

Port         Gateway          Device  Distance
Port 80    80.80.80.80*     WAN1   5
0
 
LVL 1

Expert Comment

by:warrenkerrigan
ID: 35216312
This might be a useful link. It is all about routing on the Fortigate units.

http://docs.fortinet.com/fgt/handbook/fortigate-dynamic-routing-40-mr1.pdf
0
 
LVL 1

Accepted Solution

by:
warrenkerrigan earned 1000 total points
ID: 35216464
OK, it looks like this is what you need. See attached document.

 Fortinet-Knowledge-Base---View-D.pdf
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question