Article Id
196411
Article
In the configuration shown below, the internal server (SMTP, Web or FTP) is accessible via the Internet by two public IP addresses. Both WAN interfaces are simultaneously accessible, and either one can be used to access the internal server. These IP addresses are defined as VIPs (Firewall > Virtual IP) on the FortiGate unit. There is one VIP per WAN interface. The VIPs may be defined as "Static NAT" or "Port Forwarding" In order for this type of configuration to function properly, there must be two default routes defined (one per WAN interface) and both must be set with the same "Distance" value. For PPPoE enabled interfaces, the "Distance" is defined in the web-based manager under System > Network > Interface. Here, select the "Retrieve default gateway from server option. For statically defined interfaces, the default routes are added in the Router > Static menu on the web-based manager. The "Distance" is set here. Note that the default distance value is 10 for static routes and 1 for PPPoE retrieved routes. If the internal server also needs to originate sessions out to the Internet, then you must configure Policy Based Routing on the FortiGate unit in order to select the appropriate egress WAN interface. This is not required if all sessions originate from the Internet. |
