Trying to setup network failover with lan to wan configuration
-
@ricardotestamonede You will want to consider HA and eliminating the Fortinet for another 3100. HA on a 3100 is possible but probably not a great solution.
-
Are there modems integrated inside both firewalls, or are there two external modems in this setup?
If there are two external modems in this setup, you could install a switch in front of both firewalls and connect the modems there, each in its own VLAN with its own IP range. And then you may be able to set up load balancing in each firewall, using them all as a dual WAN setup.
But if I were in that situation, I would set up both to or in one firewall as a dual WAN setup and then do load balancing, where you get failover for free on top automatically! If one WAN fails, all traffic goes over the 2nd one, and if it comes back up then your entire load will be balanced over both WAN ports again. You may be able to choose between:
- policy based routing
- service based routing
- and session based routing
-
@dobby_ The problem is that I need the pfsense for our 10g small network setup for our krafts team. The Fortinet doesn't have those capabilities.
I don't mind unplugging the wan #1 on my fortinet and patching in a cable from the pfsense to get us back up using the internet from our krafts team pfsense. However, the krafts team can go down because they do most of their work remotely.
-
@ricardotestamonede said in Trying to setup network failover with lan to wan configuration:
I need the pfsense for our 10g small network setup
The 3100 doesn't support 10gbps or SFP connections. Can you explain what you mean by this?
-
@rcoleman-netgate I have it connected to a 10g uni switch; the pfsense is the router we have connected to that switch. I mistyped, sorry. I would like to keep them separate in that aspect. Both the Fortinet and pfSense have their own independent 1G circuits from different providers.
I figured I would need to add a VLAN to lan#1 on my pfsense that doesn't interfere with any of the production VLANs I have set up. Connect that port to wan#2 on my Fortinet and potentially set up NAT rules for it to hit the gateway etc. I'm looking for advice/ideas on the best way to approach it with my current setup.
-
@ricardotestamonede said in Trying to setup network failover with lan to wan configuration:
I currently have two routers running in my small business network setup. One is set up for the main network and is my Fortinet 80f. It currently has a 1gb circuit from ISP 1. The other is a pfSense sg-3100 which is set up for our Kraft's team only and it has its own 1gb circuit from a different ISP. My problem is the ISP on my main router is pretty crappy and has outages all the time. I would like to utilize the 1GB on my 2nd router for failover.
So you intend to provide internet of ISP2 for the business network behind the Forti if I got you correctly?
-
@viragomann That is correct, I'm not really looking for automation or automatic failover if the link goes down. I can manually plug in the cable for failover. But I'm thinking this still requires me to configure a port on the pfsense router for this.
-
@ricardotestamonede said in Trying to setup network failover with lan to wan configuration:
@viragomann That is correct, I'm not really looking for automation or automatic failover if the link goes down. I can manually plug in the cable for failover. But I'm thinking this still requires me to configure a port on the pfsense router for this.
Yes, you do have to configure a port on the pfsense box. And, if you want to use it as an additional WAN port, it has to have a gateway defined. You can find that under System -> Routing -> Gateways
This will not be automatic, like you are saying that you are not looking for. I'm not even sure this will work if say your main WAN connection goes down, you walk to the cabinet, and plug in the WAN port for the other ISP modem. You are hoping the other WAN connection will pick up and now be the gateway for your pfsense network. Maybe it will, but one of the other experts here would know for sure. I've never actually tried a setup like that.
Or, if you want to keep it really simple, and both of your networks are simple (DHCP for all LAN devices, the internal LAN networks are not the same range, and both routers are close to each other), you technically could plug a cable into a LAN port on the Fortinet and plug the other end into the WAN port on your pfsense box. You said you "don't mind unplugging", so this is a really low-tech way to get it done.
Did I get that right? You want to, in some circumstances, use the WAN connection of the Fortinet on the pfsense box? Or is it the other way around?
-
@ricardotestamonede Yes, you can use the OPT port without major fuss, or reconfigure a LAN switch port for this.
Switch config: https://docs.netgate.com/pfsense/en/latest/solutions/sg-3100/switch-overview.html
-
@ricardotestamonede
So you have to configure the Fortigate for Multi-WAN.
You should provide a separate network port on pfSense and connect it to the second WAN of the Forti. On the pfSense interface, allow any upstream traffic.
Consider blocking access to the local network if desired.
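
The rule order suggested in the last post, modelled as an added example that is not part of the thread and is not pfSense or Fortinet configuration: interface rules are matched first-match, top to bottom, so the block entries for the local networks have to sit above the broad pass rule. All subnets and the helper names `evaluate` and `audit` are constructed for illustration.

```python
import ipaddress

# Constructed addressing (not from the thread): production VLANs behind the
# pfSense box and the small transit network facing the Fortinet's second WAN.
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("10.10.10.0/24", "10.10.20.0/24")]
TRANSIT_NET = ipaddress.ip_network("192.168.250.0/30")

# Rules for the transit interface, top to bottom: block the local networks
# first, then pass everything else upstream.
RULES = [
    ("block", TRANSIT_NET, net, f"no access to local net {net}") for net in LOCAL_NETS
] + [
    ("pass", TRANSIT_NET, ipaddress.ip_network("0.0.0.0/0"), "upstream traffic"),
]

def evaluate(rules, src, dst):
    """Return (action, description) of the first rule matching src -> dst."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, descr in rules:
        if src in src_net and dst in dst_net:
            return action, descr
    return "block", "default deny"  # nothing matched

def audit(rules, local_nets):
    """List local networks whose first covering rule is a pass (i.e. exposed)."""
    exposed = []
    for net in local_nets:
        for action, _src, dst_net, _descr in rules:
            if net.subnet_of(dst_net):
                if action == "pass":
                    exposed.append(net)
                break  # first covering rule decides
    return exposed

if __name__ == "__main__":
    print(evaluate(RULES, "192.168.250.2", "10.10.10.5"))   # Fortinet -> local VLAN
    print(evaluate(RULES, "192.168.250.2", "8.8.8.8"))      # Fortinet -> internet
    print("exposed if pass rule is on top:", audit(list(reversed(RULES)), LOCAL_NETS))
```
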