adnan Sabir
I want to route VPN traffic and Internet traffic separately through WAN1 and WAN2

I am using a FortiGate firewall. I have two WAN connections, WAN1 and WAN2. I have a static IP for the VPN. What I want is to route all Internet traffic through WAN1 and all VPN traffic through WAN2. Is it possible? If possible, then how can I manage it? Please guide.
James Lee

This isn't going to be easily done. Your computer has and uses 1 default gateway. It can have a second one but will not use it unless the first one does not respond.

Secondly the traffic isn't "VPN" or "Internet" traffic according to your computer or the firewall. It is simply TCP/IP traffic and as such will not treat any packets from your computer differently.

Now that being said, here is what you can do to make this work:
1. If the VPN is connecting you to work or something, be sure the IP address used on the far side is non-routable (it likely already is); this is the 10.x.x.x or 172.16.x.x or 192.186.x.x IP sets. If they are, and you set up a VPN on the firewall to connect to the far end, then when your computer tries to speak to a computer/server in that address scheme the firewall will see this traffic is destined for the far end of the VPN and send it that way. If the traffic from your computer is for https://www.experts-exchange.com then it will use DNS to resolve the IP and know it is not going there via the VPN but rather the other WAN port.

I assume your firewall will allow you to make a "hardware" VPN connection to the other location, and this solution assumes that your firewall will allow you to set up a VPN on just the WAN2 port. If you can do this then the route tables will get built and the traffic will go out either port properly. Remember that those non-routable IP addresses will never make it out the Internet connection, of course.

Make sure that the VPN traffic you're sending isn't www.google.com or something that resolves on the Internet, as this will default to the Internet side of the firewall, of course.


Hope this helps explain it.
James
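The approach James describes, written out as FortiOS CLI configuration. This is an added illustration, not part of any answer in this thread, and every name and address in it is an assumed placeholder: the "to-branch" tunnel, a LAN of 192.168.1.0/24 on "internal", a remote office of 10.10.0.0/16, WAN1 gateway 198.51.100.1, WAN2 gateway 203.0.113.1 and VPN peer 203.0.113.50.

```text
# Hypothetical FortiOS CLI config (illustration only; all values are assumed placeholders).
# LAN 192.168.1.0/24 on "internal", remote office 10.10.0.0/16,
# WAN1 gateway 198.51.100.1, WAN2 gateway 203.0.113.1, VPN peer 203.0.113.50.

# 1. Phase 1 is bound to wan2, so the tunnel's outer packets carry wan2's static IP.
config vpn ipsec phase1-interface
    edit "to-branch"
        set interface "wan2"
        set ike-version 2
        set remote-gw 203.0.113.50
        set proposal aes256-sha256
        set psksecret <PRE-SHARED-KEY-PLACEHOLDER>
    next
end

# 2. Phase 2 selectors: only LAN <-> remote-office private traffic is protected.
config vpn ipsec phase2-interface
    edit "to-branch-p2"
        set phase1name "to-branch"
        set proposal aes256-sha256
        set src-subnet 192.168.1.0 255.255.255.0
        set dst-subnet 10.10.0.0 255.255.0.0
    next
end

# 3. Routing does the splitting: a single default route sends everything else
#    (Internet) out wan1; the remote private subnet is routed into the tunnel
#    interface; and a host route pins the VPN peer itself to wan2 so the IKE/ESP
#    packets never follow the default route out wan1.
config router static
    edit 1
        set dst 0.0.0.0 0.0.0.0
        set gateway 198.51.100.1
        set device "wan1"
    next
    edit 2
        set dst 10.10.0.0 255.255.0.0
        set device "to-branch"
    next
    edit 3
        set dst 203.0.113.50 255.255.255.255
        set gateway 203.0.113.1
        set device "wan2"
    next
end
```

A firewall policy from "internal" to the "to-branch" interface (and the reverse) is still required before any traffic is allowed into the tunnel. Because the split is decided by destination, a public name that resolves to an Internet address takes the default route via wan1 exactly as James notes.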
adnan Sabir (ASKER)

I have a Fortinet FortiGate 100D, so it allows making a VPN connection with the other side. Currently the static IP is configured on WAN2 and a normal IP is configured on WAN1, so I could configure load balancing. What I need is for VPN traffic to use only the WAN2 interface, to save bandwidth on my static IP.
Andrew Wright
It sounds like you need to set up two VLANs using Switched Mode, check out this thread

http://cookbook.fortinet.com/choosing-fortigate-switch-mode/
Can we not do it with policy-based routing and not set a default gateway for WAN2, which is supposed to be used for VPN purposes?
ASKER CERTIFIED SOLUTION
Qlemo
Qlemo's comment has been used as the accepted solution.  I am closing this question down as it has run its course.