2

My network is as follows:

1 x Fortigate 100d with the two WAN ports connected to:

  1. Ethernet ISP with STATIC IP configured manually (20 Mbps symmetric) via ISP A
  2. Ethernet ISP with STATIC IP configured via DHCP (100 Mbps symmetric) via ISP B

My question is, can I bond these two WANs to aggregate the link? If so what are the steps to follow?

Cy.
  • 135
  • 1
  • 2
  • 6

2 Answers2

3

I'm going to go with the assumption (rather than asking, like @Shane Madden did) and assume you don't have your own address space and are just using IP addresses assigned by the ISP on both WAN links.

802.3ad is a layer 2 link aggregation protocol. It won't help you at all in the scenario you're describing. 802.3ad would be useful if you had, say, multiple metro-Ethernet terminations from the same ISP, all using the same IP space.

The "load-balancing" functionality built-in to the Fortigate devices assigns TCP connections to a WAN link (through various means-- weights assigned to interfaces, by source address, or by utilization). You're not going to see more than the bandwidth of a single WAN connection utilized for a single TCP connection, but you will see TCP connections spread across both WAN connections. This isn't wholly ineffective if your main concern is utilizing the speed of both interfaces for users accessing web sites (or other Internet resources).

Here's FortiNet's documentation describing the feature in more detail.

If you had your own IP address space, and were peered with your ISPs using BGP, you would be able to send and receive traffic across both WAN connections. (Most small to medium-sized businesses don't have this option, though.)

If your concern is inbound redundancy (like an on-site hosted server being accessible via the same public IP address via both ISPs) then you are going to need to look to getting your own address space and peering with your ISPs. (Typically, you're talking about a whole different level of expense, too, because consumer-grade ISPs don't offer this type of functionality.)

Evan Anderson
  • 141,071
  • 19
  • 191
  • 328
  • Great answer and totally understood. Thank you as this clarifies all what I had confused in my mind. – Cy. Jul 03 '14 at 19:54
1

You cannot aggregate this links, but you can configure fortigate for simultaneous usage. This link can help you. You need "Weighted load balance" configuration

Nik
  • 409
  • 3
  • 4
  • Could you please elaborate which links could I aggregate then? – Cy. Jul 03 '14 at 19:46
  • 1
    As written below, aggregation is layer2 feature. you can't aggregate links in different broadcasting domain. that you want to get in the end? aggregation may not be the best way to do this – Nik Jul 03 '14 at 19:53