FortiWAN Configurations

Domain Settings

You need to register the domain domainname.com, its responsible name server ns1.domainname.com and the name server's IP address 211.21.33.186 with a registrar.

| Domain Name | TTL | Responsible Mail | Primary Name Server | IPv4 Address |
|---|---|---|---|---|
| domainname.com | 30 | admin.domainname.com | ns1 | 211.21.33.186 |

A/AAAA Record

| Host Name | When | Source IP | To Policy | TTL |
|---|---|---|---|---|
| www | All-Time | Any | web | 30 |

Multihoming answers queries for www.domainname.com with the IP address (211.21.33.186 or 61.64.195.150) of the better of the two WAN links according to their upstream load, so that external users can always access the virtual server through an efficient WAN link.

Example 2

Here is another, similar use of Multihoming, this time with an internal SMTP server. Multihoming will answer queries for the mail server responsible for accepting email for recipients in the domain domainname.com, for example user@domainname.com.

An internal mail server (192.168.0.200, SMTP port 25) is installed in the LAN, and a virtual server on FortiWAN is associated with it through the following settings in the Web UI under Service > Virtual Server (see Virtual Server for details):

| WAN IP | Service | Algorithm | Server Pool: Server IP | Server Pool: Service |
|---|---|---|---|---|
| 211.21.33.186 | SMTP(25) | Round-Robin | 192.168.0.200 | SMTP(25) |
| 61.64.195.150 | SMTP(25) | Round-Robin | 192.168.0.200 | SMTP(25) |

To distribute access across the two WAN links by weighted round-robin, configure Multihoming as follows. Go to Service > Multihoming in the Web UI, enable Multihoming (disable Relay) and configure the following basic settings.

A Record Policy Settings

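| Policy Name | Algorithm | Policy Advance Setting: WAN Link | Policy Advance Setting: IPv4 Address | Policy Advance Setting: Weight |
|---|---|---|---|---|
| smtp | By Weight | 1 | 211.21.33.186 | 1 |
| | | 2 | 61.64.195.150 | 1 |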

Domain Settings

You need to register the domain domainname.com, its responsible name server ns1.domainname.com and the name server's IP address 211.21.33.186 with a registrar.

| Domain Name | TTL | Responsible Mail | Primary Name Server | IPv4 Address |
|---|---|---|---|---|
| domainname.com | 30 | admin.domainname.com | ns1 | 211.21.33.186 |

A/AAAA Record

| Host Name | When | Source IP | To Policy | TTL |
|---|---|---|---|---|
| mail1 | All-Time | Any | smtp | 30 |

MX Record

| TTL | Host Name | Priority | Mail Server |
|---|---|---|---|
| 30 | [Leave it blank] | 1 | mail1 |
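
One way to check that the A answers for mail1.domainname.com follow the smtp policy above, as an added example that is not part of the original guide: tally the answers collected from repeated queries and compare them with the configured weights. The weighted_round_robin model, the 10% tolerance and the sample answers are assumptions constructed for illustration, not FortiWAN's implementation.

```python
from collections import Counter
from itertools import cycle

# Values from the "smtp" A record policy on this page: WAN IP -> weight.
SMTP_POLICY = {"211.21.33.186": 1, "61.64.195.150": 1}


def weighted_round_robin(policy):
    """Model of a By Weight policy (an assumption, not FortiWAN's code):
    each address appears in the rotation as many times as its weight."""
    return cycle([ip for ip, weight in policy.items() for _ in range(weight)])


def sample_answers(policy, n):
    """Constructed sample input: n answers drawn from the model above."""
    rotation = weighted_round_robin(policy)
    return [next(rotation) for _ in range(n)]


def audit_answers(answers, policy, tolerance=0.10):
    """Compare observed A answers for one host name against the policy.

    Returns a list of findings; an empty list means every answer is a
    configured WAN address and each share is within `tolerance` of its weight.
    """
    counts = Counter(answers)
    total = sum(counts.values())
    if total == 0:
        return ["no answers observed"]
    findings = []
    # Any address outside the policy (for example the internal server IP)
    # should never appear in a public answer.
    for ip in sorted(counts.keys() - policy.keys()):
        findings.append(f"unexpected address {ip} ({counts[ip]} answers)")
    weight_sum = sum(policy.values())
    for ip, weight in policy.items():
        expected = weight / weight_sum
        observed = counts[ip] / total
        if counts[ip] == 0:
            findings.append(f"{ip} never returned")
        elif abs(observed - expected) > tolerance:
            findings.append(f"{ip} share {observed:.2f}, expected {expected:.2f}")
    return findings


if __name__ == "__main__":
    print(audit_answers(sample_answers(SMTP_POLICY, 20), SMTP_POLICY))
    # Constructed case: only WAN link 1 ever appears in the answers.
    print(audit_answers(["211.21.33.186"] * 20, SMTP_POLICY))
```

In practice the answers list would be filled from repeated A queries sent to ns1.domainname.com, spaced further apart than the 30-second TTL if they pass through a caching resolver.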

 
