Fortigate 50B


I have an SBS 2003 running Exchange with SMTP, not POP3. I have 2 WAN connections, one over DSL and the other over cable. Can the SMTP from the server switch from one WAN connection to the other automatically?
1 Solution
Jakob Digranes, Senior Consultant, commented:
Do you mean if incoming mail to SBS 2003 configured on WAN1 can switch automatically to WAN2?
I guess you have different static IPs on each WAN connection, and MX record is configured for WAN1 IP?

You could try the following:
set type=mx
type yourdomain.com

you get something like this:

yourdomain.com      MX preference = 10, mail exchanger = mail.yourdomain.com
mail.yourdomain.com      internet address = (WAN1 IP)

With public DNS, you can try to add the following records:
yourdomain.com     MX preference = 20, mail exchanger = mail2.yourdomain.com
mail2.yourdomain.com    internet address = (WAN2 IP)

Then all email should go to WAN1 IP first; if that one is unavailable, it'll go to WAN2 IP.

Secondly, in Fortigate, create a new VIP for WAN2 IP, with port 25 forwarded to the SBS2003 local IP (same as the VIP on WAN1), and create firewall rules accordingly.

In the Fortigate firewall configuration you can set it up to load balance the traffic between each WAN port equally. However, if your Fortigate is set as your DHCP server, you cannot determine which computer uses what WAN connection.

To properly load balance the traffic, in the Fortigate configuration under the 'Router' > 'Static' configuration page you should see two settings for WAN1 and WAN2; just make sure you have the distance configured with equal settings. For example, the default in the Fortigate is a distance of 10; if you configure both WAN ports with the same distance, it will perform an equal load balance over each WAN device. Then, in the case one of your ISP connections goes down for any reason, the Fortigate will know the link is down and send all traffic over the WAN port.
I cannot create 2 virtual IPs with the same port. I get the error "A duplicate entry already exists."
What am I doing wrong?
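
An added example, not part of the original thread: a small Python check for the MX fallback records suggested in the answer above. It parses nslookup-style output in the format quoted there, returns the order in which sending servers will try the addresses, and flags setups that give no fallback to the second WAN. The sample records and the 198.51.100.10 / 203.0.113.10 addresses are constructed placeholders.

```python
import re

# Constructed sample in the nslookup output format quoted in the answer.
# The addresses are documentation-range placeholders, not real values.
SAMPLE = """\
yourdomain.com      MX preference = 10, mail exchanger = mail.yourdomain.com
yourdomain.com      MX preference = 20, mail exchanger = mail2.yourdomain.com
mail.yourdomain.com      internet address = 198.51.100.10
mail2.yourdomain.com     internet address = 203.0.113.10
"""

MX_RE = re.compile(r"^(\S+)\s+MX preference\s*=\s*(\d+),\s*mail exchanger\s*=\s*(\S+)$")
A_RE = re.compile(r"^(\S+)\s+internet address\s*=\s*(\S+)$")


def parse(text):
    """Return ([(preference, host), ...] sorted by preference, {host: ip})."""
    mx, addrs = [], {}
    for line in text.splitlines():
        line = line.strip()
        if m := MX_RE.match(line):
            mx.append((int(m.group(2)), m.group(3).rstrip(".").lower()))
        elif m := A_RE.match(line):
            addrs[m.group(1).rstrip(".").lower()] = m.group(2)
    return sorted(mx), addrs


def check_failover(text):
    """List problems that would stop mail falling back to the second WAN."""
    mx, addrs = parse(text)
    problems = []
    if len(mx) < 2:
        problems.append("only one MX record: no fallback target")
    for pref, host in mx:
        if host not in addrs:
            problems.append(f"{host} (preference {pref}) has no address record")
    ips = [addrs[h] for _, h in mx if h in addrs]
    if len(ips) > 1 and len(set(ips)) == 1:
        problems.append("all MX hosts resolve to the same IP: one WAN only")
    if len(mx) > 1 and len({p for p, _ in mx}) == 1:
        problems.append("equal preferences: senders will not prefer WAN1")
    return problems


def delivery_order(text):
    """IPs in the order a sending server tries them (lowest preference first)."""
    mx, addrs = parse(text)
    return [addrs[h] for _, h in mx if h in addrs]


if __name__ == "__main__":
    print(delivery_order(SAMPLE), check_failover(SAMPLE) or "ok")
```
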
