Deployment Scenarios for Various WAN Types

WAN Type: Routing Mode Example 3

In this example, each WAN link has its own router, and FortiWAN connects to these routers using private IP addresses, as illustrated below. FortiWAN Port 3 is assigned another private IP address and connects to the LAN Core Switch (an L3 switch), so the public IP subnets sit behind the Core Switch inside the LAN.

Configuration Example:

  1. FortiWAN Port 1 (192.168.0.253) is connected to WAN1’s router (192.168.0.254/24).
  2. FortiWAN Port 2 (192.168.1.253) is connected to WAN2’s router (192.168.1.254/24).
  3. FortiWAN Port 3 (192.168.2.253) is connected to the LAN Core Switch (192.168.2.254/24).
  4. WAN1’s Public IP subnet is placed behind the Core Switch as (211.70.3.0/24).
  5. WAN2’s Public IP subnet is also placed behind the Core Switch as (53.244.43.0/24).

Configuration Steps:

  1. Go to FortiWAN Web UI: [System] → [Network Settings] → [WAN Settings] management page.
  2. Select [1] in the WAN Link menu.
  3. Click Enable to activate the WAN link.
  4. Select [Routing Mode] in the WAN Type menu.
  5. Select [Port 1] in the WAN Port field.
  6. Enter the corresponding up/down-stream bandwidth.
  7. In the IPv4 Gateway field, enter [192.168.0.254].
  8. In the Static Routing Subnet field, use [+] to add a new rule with Subnet Type as “Subnet in DMZ”. In this example, the public IP subnet sits behind a Core Switch on the DMZ port and does not connect to FortiWAN directly, so the subnet information must be entered in the “Static Routing Subnet” field.
  9. In the Network IP field, enter [211.70.3.0].
  10. In the Netmask field, enter [255.255.255.0].
  11. In the IPv4 Gateway field, enter [192.168.2.254].
  12. In the WAN Link menu, select [2] to switch to WAN2.
  13. Click on Basic Settings to enable the WAN link. In the WAN type menu, select [Routing Mode].
  14. In the WAN Port field select [Port 2].
  15. Enter the corresponding up/down-stream bandwidth.
  16. In the IPv4 Gateway field, enter [192.168.1.254].
  17. In the Static Routing Subnet field, use [+] to add a new rule with the Subnet Type field as “Subnet in DMZ”.
  18. In the Network IP field, enter [53.244.43.0].
  19. In the Netmask field, enter [255.255.255.0].
  20. In the Gateway IP field, enter [192.168.2.254].
  21. Go to the WAN/DMZ Private Subnet management page.
  22. Complete all three subnets, for the two WAN ports and the DMZ port, as follows:
  23. In the IPv4 Basic Subnet field, click on [+] to add a new rule with 192.168.0.0/24 as the IP, and select “Subnet in WAN” under Subnet Type.
  24. In the IP(s) on Localhost field, enter [192.168.0.253].
  25. In the Netmask field, enter [255.255.255.0].
  26. In the WAN port field, select [Port 1].
  27. The WAN Port 1 settings are complete; proceed to WAN Port 2.
  28. In the IPv4 Basic Subnet field, click on [+] to add a new rule with 192.168.1.0/24 as the subnet IP address, and select “Subnet in WAN” under Subnet Type.
  29. In the IP(s) on Localhost field, enter [192.168.1.253].
  30. In the Netmask field, enter [255.255.255.0].
  31. In the WAN port field, select [Port 2].
  32. The WAN Port 2 settings are complete; proceed to the DMZ port.
  33. In the IPv4 Basic Subnet field, click on [+] to add a new rule. Select “Subnet in DMZ” under Subnet Type.
  34. In the IP(s) on Localhost field, enter [192.168.2.253].
  35. In the Netmask field, enter [255.255.255.0].
  36. In the DMZ Port field, select [Port 3].
  37. Configuration is complete.

The example above illustrates a common FortiWAN deployment scenario where a private IP subnet is placed inside a WAN and DMZ, and a public IP subnet is connected to FortiWAN DMZ via a Core Switch.
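The following is an added example, not part of the original guide or of any Fortinet tooling: a Python pre-change check that the addressing plan above is internally consistent before it is typed into the Web UI. The `PLAN` layout and the `check_plan` function are hypothetical; the addresses are the ones used in this example.

```python
import ipaddress

# Addressing plan from this example, transcribed by hand. The dict layout is an
# assumption of this sketch, not a FortiWAN export format.
PLAN = {
    # IPv4 Basic Subnet rows: (port, subnet type, IP on localhost, netmask)
    "connected": [
        ("Port 1", "WAN", "192.168.0.253", "255.255.255.0"),
        ("Port 2", "WAN", "192.168.1.253", "255.255.255.0"),
        ("Port 3", "DMZ", "192.168.2.253", "255.255.255.0"),
    ],
    # WAN link IPv4 gateways, keyed by WAN port
    "wan_gateways": {"Port 1": "192.168.0.254", "Port 2": "192.168.1.254"},
    # "Subnet in DMZ" static routing rows: (network IP, netmask, gateway)
    "static_routes": [
        ("211.70.3.0", "255.255.255.0", "192.168.2.254"),
        ("53.244.43.0", "255.255.255.0", "192.168.2.254"),
    ],
}


def check_plan(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    ifaces = {port: (kind, ipaddress.ip_interface(f"{ip}/{mask}"))
              for port, kind, ip, mask in plan["connected"]}
    nets = [iface.network for _, iface in ifaces.values()]
    # Directly connected subnets must not overlap one another.
    for i, a in enumerate(nets):
        problems += [f"{a} overlaps {b}" for b in nets[i + 1:] if a.overlaps(b)]
    # Each WAN gateway must be on-link on its own WAN port.
    for port, gw in plan["wan_gateways"].items():
        kind, iface = ifaces.get(port, (None, None))
        if kind != "WAN" or ipaddress.ip_address(gw) not in iface.network:
            problems.append(f"{port}: gateway {gw} is not on-link")
    # A routed subnet needs a DMZ next hop and must not shadow a connected one.
    dmz = [iface.network for kind, iface in ifaces.values() if kind == "DMZ"]
    for net, mask, gw in plan["static_routes"]:
        try:
            dest = ipaddress.ip_network(f"{net}/{mask}")  # rejects host bits
        except ValueError as exc:
            problems.append(f"route {net}: {exc}")
            continue
        if not any(ipaddress.ip_address(gw) in n for n in dmz):
            problems.append(f"route {dest}: gateway {gw} is not on a DMZ subnet")
        if any(dest.overlaps(n) for n in nets):
            problems.append(f"route {dest} overlaps a connected subnet")
    return problems
```

Calling `check_plan(PLAN)` returns an empty list for the plan as documented; a mistyped gateway or netmask shows up as a one-line finding instead of as traffic that silently fails to reach the subnets behind the Core Switch.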



About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
