Professional Documents
Culture Documents
Page 1 of 3
Print Article
Description
Scenario
1 2 3 No
Link Redundancy
Yes Yes No
Load Sharing
Yes Yes
Components
All FortiOS
Please check also the related article : Technical Note : Configuring link redundancy - traffic load-balancing - ECMP (Equal Cost Multiple Path) - Dual Internet or WAN scenario
In each scenario, you must configure the appropriate firewall policies between the interfaces in question to allow the traffic - this document focuses on the routing issues.
b.
c.
http://kb.fortinet.com/kb/viewContent.do?externalId=10376&sliceId=1
10/11/2011
Page 2 of 3
Special Cases
1. Monitoring both WAN interfaces simultaneously. If you need to be able to ping both WAN interfaces in order to demonstrate that the links are up, you will need to set the distance on both default routes to be the same. Note: this is the same requirement as for Design Scenario #3. 2. Routing of traffic directed at VIPs. Sessions associated with VIPs are handled in a special way. Case Scenario #1 (VIP on non-default interface): Let us say that you have a FortiGate-60, and the default gateway is pointing to WAN 1 but you have a VIP on WAN 2 that points to the web server in the DMZ.
http://kb.fortinet.com/kb/viewContent.do?externalId=10376&sliceId=1
10/11/2011
Page 3 of 3
In this case, you do not need to create an additional static route or policy route for this VIP because a route cache entry is made which tells the FortiGate unit which interface it should use on the return path. Case Scenario #2 (Redundancy VIPs): If you have redundant VIPs defined on each of the WAN interfaces (WAN1 and WAN2 in the case of a FortiGate-60) a. b. inbound sessions will be handled as discussed in case scenario #1 outbound sessions (initiated by the server) will have the server IP modified according to one of the 2 VIPs -- which VIP is selected depends on which interface has the preferred default route
Conclusion (redundant VIPs): make sure a policy route directs the server traffic out the desired interface.
http://kb.fortinet.com/kb/viewContent.do?externalId=10376&sliceId=1
10/11/2011