剛好公司有臺設備

fortigate 200d 剛好也有請了兩條線

就順便來弄一下 failover & LB

照著以下指令即可

首先是default gw

再來是指定要如何作gw的detect

我這邊是ping google的dns name

每秒一次，然後三次失敗作移轉

最後是將policy的部份

也要記得都加上雙wan的路徑

如我這邊的

vlan 10 & vlan 20 這樣才會在線路故障後

轉由另一wan出去

FG200D4614800239 $ sh firewall policy
config firewall policy
    edit 2
        set srcintf "vlan10"
        set dstintf "wan1" "wan2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set logtraffic all
        set application-list "NOWUSE"
        set profile-protocol-options "default"
        set nat enable
    next
    edit 5
        set srcintf "vlan2"
        set dstintf "wan2" "wan1"
        set srcaddr "Server LAN" "Server LAN 1"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS" "DNS" "GMAILSSL" "APNS"
        set utm-status enable
        set logtraffic all
        set application-list "NOWUSE"
        set profile-protocol-options "default"
        set nat enable
    next

再來還有個進階的 政策路由的部份 打算拿來作 guest wifi的設定

但switch都沒建vlan… 目前全當hub用，所以就下次了…

• Prev
• Next