Load Balancing & Fault Tolerance Tunnel Routing
Weight : The weight/priority of the tunnel. The higher the weight, the more likely it will use tunnels.
Encrypt : Enables encrypted tunnel routing
DSCP : DSCP(Differentiated Services Code Point) provides simple mechanism for quality of ser-
vice (QoS) on IP networks. DSCP uses the differentiated services code in IP header to
indicated different traffic QoS classification. If your ISP provides DSCP service, please con-
tact them for the values. In the field, specify the value to the tunnel. Leave it blank if you
do not apply DSCP to the tunnel. Note that only the tunnels established with static local
and remote IP addresses support DSCP. This will primarily be used for tunnels over MPLS
networks.
Note that one group tunnel configuration cannot be duplicates (group tunnels with the same configuration on fields
Local IP and Remote IP) for multiple tunnel groups. One group tunnel configured with a static local IP address and a
static remote IP address can only be used for one tunnel group between one pair of local host and remote host. One
group tunnel configured with a static IP address and a dynamic WAN link can be duplicates in the tunnel groups which
is used with different remote host, but cannot be duplicates in the tunnel groups which is used with the same remote
host.
Default Rule
Default Rule is a simple and efficient way to configure routing rules for tunnels between FortiWANs. In Default Rule,
only source IP addresses need to be specified to the tunnel group. After the default rules on local and remote
FortiWANs being configured and enabled, those units automatically negotiate destination IP addresses of the default
rules for each other. One’s source will become to the destination on the opposite unites. Default Rule gives a great
help to establish fully-connected routing rules while constructing an Intranet on many branch sites via Tunnel Routing.
Consider an Intranet deployment over three branch sites, only three default rules (each one on a branch site) are
required to establish the fully connection over the three sites, which requires six routing rules without using Default
Rule.
E : Check to enable the rule.
Source :
The source of the connection (See "Using the web UI").
Fail-over :
Select a policy from the list. When WAN failure occurs, traffic will be diverted to back up
tunnels based on Fail-over policies.
Routing Rules
Source :
The source of the connection (See "Using the web UI").
Destination :
The destination of the connection (See "Using the web UI").
Service : The TCP/UDP service type to be matched. The default is "Any". Administrators can select
from the publicly known service types (e.g. FTP), or can choose the port number in
TCP/UDP packet. To specify a range of port numbers, type starting port number plus
hyphen "-" and then end port number. e.g. "TCP@123-234" (See "Using the web UI").
Group : The group permitted to use the tunnel.
105 FortiWAN Handbook
Fortinet Technologies Inc.
To Next Page
Loading...
