
I have a Fortigate 80c and two internet lines from two separate ISPs.

I'm trying to distribute sessions between both internet lines following http://docs-legacy.fortinet.com/cb/html/index.html#page/FOS_Cookbook/Install_advanced/routing_ecmp_basic.html, but it seems connections go through just one of the two internet lines.

I have "wan1 as it's configured first, and I could edit the static route table to be wan2 instead of wan1", but not both of the internet lines I have.

Any ideas why this happens?

Thanks in advance

emamdouh
  • Have you checked the `Spillover Threshold` parameter? New sessions start at wan2 interface when wan1 interface reaches its spillover threshold. You can check this by running `diagnose netlink dstmac list` (just as described in the doc) – krisFR Feb 10 '14 at 23:55
  • In this video http://www.youtube.com/watch?v=P0oshKYvFY8 they set the spillover threshold parameter for both lines to a fixed value "5". I did the same, then I tried to download, however download speed didn't exceed 1st line speed, which means connections stuck with the 1st line – emamdouh Feb 11 '14 at 00:07
  • Downloads typically are static on one connection, so that would be the expected result when downloading. Works the same on our firewall Sonicwall E5500. The spillover is simply a saturation setting that says "once this connection hits a certain amount of usage, use the other connection". But it can only do that with new connections, not existing ones. – MikeAWood Feb 11 '14 at 02:02
  • Also, Fortigate considers "routing cache". This means that `if wan1 is exceeding its bandwidth limit, new sessions can continue to be sent out on wan1 if their destination addresses are already in the routing cache`. So you will have to generate a lot of traffic to many different destinations to test this... You could try to decrease spillover threshold to "1" for wan1 – krisFR Feb 11 '14 at 03:30
  • My understanding is that when wan1 exceeds its threshold, new sessions will be sent to wan2, plus cached routes will be passed to wan1. But actually what I seek is round robin load balancing with weight. Can Weighted Load Balance do this job? – emamdouh Feb 11 '14 at 07:45
  • I tried Weighted Load Balance, but it doesn't seem to be working, all traffic went through wan1!!! – emamdouh Feb 11 '14 at 10:29
  • Do you have a static route for both Wan connections with both distance and priority equal? –  Jun 01 '14 at 08:05
