Destination based routing examples

NAT/Route mode installation

 

 

Using the CLI

1. Add the route to the routing table.

set system route number 0 dst 0.0.0.0 0.0.0.0 gw1 1.1.1.1 dev1 external gw2 2.2.2.1 dev2 dmz

Table 13: Route for primary and backup links

Destination IP   Mask      Gateway #1   Device #1   Gateway #2   Device #2
0.0.0.0          0.0.0.0   1.1.1.1      external    2.2.2.1      dmz

Load sharing

You can also configure destination routing to direct traffic through both gateways at the same time. If users on your internal network connect to the networks of ISP1 and ISP2, you can add routes for each of these destinations. Each route can include a backup destination to the network of the other ISP.

Table 14: Load sharing routes

Destination IP   Mask            Gateway #1   Device #1   Gateway #2   Device #2
100.100.100.0    255.255.255.0   1.1.1.1      external    2.2.2.1      dmz
200.200.200.0    255.255.255.0   2.2.2.1      dmz         1.1.1.1      external

The first route directs all traffic destined for the 100.100.100.0 network to gateway 1 with the IP address 1.1.1.1. If this gateway is down, traffic destined for the 100.100.100.0 network is redirected to gateway 2 with the IP address 2.2.2.1.

Load sharing and primary and secondary connections

You can combine these routes into a more complete multiple internet connection configuration. In the topology shown in Figure 8 on page 50, users on the Internal network would connect to the Internet to access web pages and other Internet resources. However, they may also connect to services, such as email, provided by their ISPs. You can combine the routes described in the previous examples to provide users with a primary and backup connection to the Internet, while at the same time routing traffic to each ISP network as required.

The routing described below allows a user on the internal network to connect to the Internet through gateway 1 and ISP1. At the same time, this user can also connect through the DMZ interface to gateway 2 to access a mail server maintained by ISP2.

Adding the routes using the web-based manager

1. Go to System > Network > Routing Table.

2. Select New to add the default route for primary and backup links to the Internet.

   Destination IP: 0.0.0.0
   Mask: 0.0.0.0
   Gateway #1: 1.1.1.1
   Gateway #2: 2.2.2.1
   Device #1: external
   Device #2: dmz

   Select OK.
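To see how the default route from Table 13 and the load sharing routes from Table 14 behave together when a gateway fails, the following Python sketch resolves sample destinations against the combined table. It is an added example, not code from the manual or the FortiGate unit. It assumes that the most specific matching route wins and that a route with both gateways down yields no path; the function names and sample destinations are constructed for illustration.

```python
import ipaddress

# Routes from Tables 13 and 14: (destination, mask, gw1, dev1, gw2, dev2)
ROUTES = [
    ("100.100.100.0", "255.255.255.0", "1.1.1.1", "external", "2.2.2.1", "dmz"),
    ("200.200.200.0", "255.255.255.0", "2.2.2.1", "dmz", "1.1.1.1", "external"),
    ("0.0.0.0", "0.0.0.0", "1.1.1.1", "external", "2.2.2.1", "dmz"),
]

def resolve(dst, down=frozenset(), routes=ROUTES):
    """Return (gateway, device, role) for dst, or None if no usable route.

    Assumptions of this sketch: the most specific matching route wins, and
    a route whose two gateways are both down yields no path.
    """
    addr = ipaddress.ip_address(dst)
    matches = []
    for net, mask, gw1, dev1, gw2, dev2 in routes:
        network = ipaddress.ip_network(f"{net}/{mask}")
        if addr in network:
            matches.append((network.prefixlen, gw1, dev1, gw2, dev2))
    if not matches:
        return None
    _, gw1, dev1, gw2, dev2 = max(matches, key=lambda m: m[0])
    if gw1 not in down:
        return (gw1, dev1, "primary")
    if gw2 not in down:
        return (gw2, dev2, "backup")
    return None

def failover_report(destinations, down):
    """List destinations whose egress device changes when gateways in `down` fail."""
    changed = []
    for dst in destinations:
        before, after = resolve(dst), resolve(dst, down)
        if before != after:
            changed.append((dst, before[1] if before else None,
                            after[1] if after else None))
    return changed

if __name__ == "__main__":
    # Constructed sample destinations: ISP1 network, ISP2 network, elsewhere.
    samples = ["100.100.100.25", "200.200.200.25", "198.51.100.7"]
    for failed in (set(), {"1.1.1.1"}, {"2.2.2.1"}):
        print("gateways down:", sorted(failed) or "none")
        for dst in samples:
            print("  ", dst, "->", resolve(dst, failed))
        print("   egress changes:", failover_report(samples, failed))
```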

Fortinet Inc.

Fortinet 100 user manual Load sharing and primary and secondary connections