Wednesday, September 5, 2018

Standalone Fortigate 60d with two WAN links query

Requirement: A small customer has a standalone Fortigate 60d (to which we have read-only access) with one WAN link, no dynamic routing, and a static default route through WAN 1. They have connected another link, WAN 2, which they don't want to use for redundancy but for "load-balancing". "LB" for them means sending all Microsoft (Office 365, SharePoint and Skype) traffic through WAN 2 at all times.

My solution: As I haven't worked with this particular firewall and it looks to be a bit basic to me, my solution to them is to add static routes for all IPv4 CIDR blocks from the Microsoft website and just route this destination traffic through the WAN 2 link. I also told them the risk of always forcing this static traffic through in case WAN 2 goes down.

Question: Am I right, or is there a better way of doing this? Can this firewall do path/link monitoring which we can apply in a couple of PBF rules for Microsoft application-specific traffic? One rule for WAN 2 and a failover back to WAN 1.

Sorry for the long post. :)


