Professional Documents
Culture Documents
FortiOS 5.6 is now available: Release Notes | What's New | Upgrade Path
FORTIGATE / FORTIOS 5.4 / FORTIOS 5.4.0 / FORTIOS 5.4.1 / FORTIOS 5.4.2 / FORTIOS 5.4.3 / GETTING STARTED
Redundant Internet connections
Posted on July 13, 2016 by Kayla Robinson
In this example, you will create a WAN link interface that provides your FortiGate unit with
redundant Internet connections from two Internet service providers (ISPs). The WAN link interface
combines these two connections into a single interface.
This example includes weighted load balancing so that most of your Internet trafៜ�c is handled by one
ISP.
http://cookbook.fortinet.com/redundantinternetconnections54/ 1/8
4/16/2017 Redundant Internet connections Fortinet Cookbook
1. Connecting your ISPs to the FortiGate
Connect your ISP devices to your FortiGate so that the ISP you wish
to use for most trafៜ�c is connected to WAN1 and the other connects
to WAN2.
2. Deleting security policies and routes that use WAN1 or
WAN2
You will not be able to add an interface to the WAN link interface if it is already used in the
FortiGate’s conៜ�guration, so you must delete any security policies or routes that use either WAN1
or WAN2. Trafៜ�c will not be able to reach WAN1 or WAN2 through the FortiGate after you delete
the existing policies.
Many FortiGate models include a default Internet access policy that uses WAN1. This policy must
also be deleted.
Go to Policy & Objects > IPv4 Policy and delete any policies that use
WAN1 or WAN2.
Go to Network > Static Routes and delete any routes that use WAN1
or WAN2.
3. Creating a WAN link interface
http://cookbook.fortinet.com/redundantinternetconnections54/ 2/8
4/16/2017 Redundant Internet connections Fortinet Cookbook
The weight settings will cause 75% of trafៜ�c to use WAN1, with the
remaining 25% using WAN2.
4. Configuring Health Check (optional)
You can optionally conៜ�gure Health Check to verify the health and status of the links that make up
the virtual WAN link. Health Check is only available via the CLI. Go to Dashboard > CLI and enter
the following commands:
config system virtualwanlink
set faildetect [enable | disable]
set failalertinterfaces (available only if faildetect is enabled)
config healthcheck
edit [health check name]
set server <string>
set protocol [ping | tcpecho | udpecho | http | twamp ]
...
set timeout <integer>
set failtime [110]
set recoverytime [110]
set updatecascadeinterface [enable | disable]
set updatestaticroute [enable | disable ]
end
end
5. Creating a default route for the WAN link interface
http://cookbook.fortinet.com/redundantinternetconnections54/ 3/8
4/16/2017 Redundant Internet connections Fortinet Cookbook
6. Allowing traffic from the internal network to the WAN link
interface
Turn on NAT.
Scroll down to view the Logging Options. To view the results later,
turn on Log Allowed Trafៜ�c and select All Sessions.
7. Results
The log shows trafៜ�c ៙�owing through both WAN1 and WAN2.
Go to Network > Interfaces and disable the wan1 port. Then browse
the Internet from the internal network.
Go back to FortiView > All Sessions and the results should show
that trafៜ�c is only ៙�owing through wan2, until you enable WAN1
again.
About Latest Posts
Kayla Robinson
http://cookbook.fortinet.com/redundantinternetconnections54/ 4/8
4/16/2017 Redundant Internet connections Fortinet Cookbook
Kayla Robinson works in Ottawa as part of Fortinet's Technical Documentation and New
Media team. With a Bachelor's degree from Carleton, and a graduate certiៜ�cate in
Technical Writing from Algonquin College, she enjoys creating FortiOS Cookbook videos.
installation, interfaces
Leave a Reply
Connect with:
Powered by OneAll Social Login
Join the discussion
Rob Aronson
Is there a good way to migrate existing connections to wan link load balancing? We
have dual ISPs with inbound and outbound policies, routes, vpns and multiple VIPs.
I’d love to be able to reduce my redundant policies. We have to create two policies
every time we change the ៜ�rewall. Its extra work and introduces opportunities for
errors.
Thanks
Model(s) 200d
Firmware 5.4.4
http://cookbook.fortinet.com/redundantinternetconnections54/ 5/8
4/16/2017 Redundant Internet connections Fortinet Cookbook
Merong Mahawangsa IV
how about adding Tunnel in WAN-LLB? We have try but the WAN-LLB interface
seems down. Fortigate 1200D v5.4.4
bdickie
Victoria Martin
jppataki
I’ve tried but my WAN connections don’t appear when I try to Create New under
WAN LLB (and all the other appear!!!), of course I can change to other but somehow
feels odd and i wolud like to understand what’s going on. And I’m sure deleted
every IP V4 policy and all the static rules (and made a reboot just to be sure).
What else can it be?
Victoria Martin
Hello,
http://cookbook.fortinet.com/redundantinternetconnections54/ 6/8
4/16/2017 Redundant Internet connections Fortinet Cookbook
When you go to Network > Interfaces, check the Ref. column located on
the far right side of the interface list. This column lists any references to
the interface in your conៜ�guration. If the number is 1 or higher, click on it
to see where your conៜ�guration references the interface.
Neemias Caetano
Neemias Caetano
If there is 01(one) with two WAN interface’s VLAN, this rule does not apply, right? I
have not found documentation contemplating this kind of situation / scenario.
You could talk about?
Kerrie Newton
Hello Neemias,
Just to clarify, are you attempting to create a WAN LLB using VLANs? I
haven’t tested it but doing a quick setup I was able to create a VLAN and
select it as an interface for WAN LLB.
Should you attempt that and need further assistance troubleshooting feel
free to contact Fortinet Support:
How to work with Fortinet Support
http://cookbook.fortinet.com/how-to-work-with-fortinet-support/
Correct to using a different Load Balancing Algorthim you will still need to
enable WAN LLB. afterwards you’d be able to monitor the links via
FortiView.
http://cookbook.fortinet.com/redundantinternetconnections54/ 7/8
4/16/2017 Redundant Internet connections Fortinet Cookbook
Regards,
Kerrie
Neemias Caetano
Hi,
Thanks for the answer.
As for the VLAN interface, it does not appear in WLLB.
I believe, not bear it.
tks,
CONTACT | DOCUMENTATION LIBRARY | CLI PORTAL | FUSE | VIDEOS | SUPPORT | CORPORATE | LEGAL
© 2017 Fortinet
http://cookbook.fortinet.com/redundantinternetconnections54/ 8/8