{"id":94,"date":"2008-08-18T14:12:46","date_gmt":"2008-08-18T06:12:46","guid":{"rendered":"http:\/\/amjet.dyndns.biz\/blog\/IT\/?p=94"},"modified":"2013-03-01T19:50:16","modified_gmt":"2013-03-01T11:50:16","slug":"fortigate-2-wan-%e7%9a%84%e9%81%8b%e7%94%a8","status":"publish","type":"post","link":"https:\/\/blog.amjet.biz\/IT\/?p=94","title":{"rendered":"FortiGate 2 WAN \u7684\u904b\u7528"},"content":{"rendered":"<p>\u539f\u5ee0\u7684\u9019\u4efd <a href=\"http:\/\/kc.forticare.com\/default.asp?id=376&amp;Lang=1&amp;SID=\" target=\"_blank\">\u4ea4\u4ef6<\/a> \u6709\u975e\u5e38\u8a73\u76e1\u7684\u4ecb\u7d39\uff0c\u6211\u628a\u6e2c\u8a66\u904e\u7684\u90e8\u4efd\u7c21\u55ae\u7684\u4ecb\u7d39\u4e00\u4e0b\u3002<\/p>\n<p><strong>Load balancing<\/strong><\/p>\n<p>\u9019\u90e8\u4efd\u7684\u61c9\u7528\u662f\u628a\u5c0d\u5916\u7684\u6d41\u91cf\u5206\u6563\u5230 2 \u689d WAN \u4e0a\uff0c\u81f3\u65bc\u8d70\u90a3 1 \u689d\u96fb\u8def\u7531 FortiGate \u6c7a\u5b9a\uff0c\u6240\u4ee5\u5167\u90e8 NAT \u51fa\u53bb\u7684\u9023\u7dda\u53ef\u80fd\u9019\u6b21\u5e36 WAN1 IP\uff0c\u4e0b\u6b21\u5e36 WAN2 IP\uff0c\u5982\u679c\u6709\u7528 ISP \u7684\u670d\u52d9\uff0c\u800c\u8a72\u670d\u52d9\u6703\u8a8d IP \u7684\u8a71\u8981\u7279\u5225\u6ce8\u610f(\u4f8b\u5982 SMTP)\u3002<\/p>\n<p>\u8a2d\u5b9a\u90e8\u4efd\u57fa\u672c\u4e0a 2 \u689d WAN port \u90fd\u8981 UP\uff0c\u800c\u4e14\u90fd\u8981\u6709 default gateway\uff0c\u4e5f\u5c31\u662f\u5728 FortiGate \u4e0a\u6703\u770b\u5230 2 \u689d default gateway\u3002\u91cd\u9ede\u662f\u9019 2 \u500b default gateway \u7684 distance \u8981\u8a2d\u4e00\u6a23\uff0cFortiGate \u6703\u512a\u5148\u4f7f\u7528 distance \u503c\u5c0f\u7684\u8def\u7531\uff0c\u8a2d\u4e00\u6a23\u5247\u6703\u52d5\u614b\u9078\u64c7\u4e00\u689d\u8def\u7531\u51fa\u53bb\u3002\u53e6\u5916 firewall NAT policy \u5982\u679c\u539f\u672c\u662f internal -&gt; wan1 \u4f5c NAT\uff0c\u73fe\u5728\u8981\u518d\u52a0\u4e00\u689d internal -&gt; wan2 \u4f5c NAT\uff0c\u4e8c\u689d policy \u90fd\u8981 enable\u3002<\/p>\n<p><strong>Link Redundancy<\/strong><\/p>\n<p>\u9019\u90e8\u4efd\u7684\u61c9\u7528\u662f\u7576 WAN1 down \u7684\u6642\u5019\u8b93\u6d41\u91cf\u81ea\u52d5\u8d70 WAN2 \u51fa\u53bb\u9054\u5230\u96fb\u8def\u5099\u63f4\u7684\u76ee\u7684\u3002\u524d\u9762\u63d0\u5230 FortiGate \u6703\u512a\u5148\u4f7f\u7528 distance \u503c\u5c0f\u7684\u8def\u7531\uff0c\u5982\u679c WAN1 \u662f\u4e3b\u7dda\u8def\u7528\u9810\u8a2d\u7684 distance 10\uff0c\u90a3 WAN2 \u5099\u63f4\u7dda\u8def\u7684 distance \u5c31\u8a2d\u5b9a\u5927\u65bc 10 \u4f8b\u5982 20\u3002\u5e73\u6642\u770b\u4e0d\u5230\u9019\u689d\u8def\u7531\uff0c\u7576 WAN1 down \u6642\u9019\u689d\u5099\u63f4\u8def\u7531\u5c31\u6703\u51fa\u73fe\u3002firwall policy \u8ddf load balancing \u4e00\u6a23\u8981\u8a2d2\u689d\uff0c\u800c\u4e14\u90fd\u8981 enable \u9019\u6a23 WAN1 down \u7684\u6642\u5019\u624d\u53ef\u4ee5\u81ea\u52d5\u5207\u63db\u3002<\/p>\n<p><strong>Policy route<\/strong><\/p>\n<p>\u5982\u679c\u5167\u90e8\u7db2\u8def\u6709\u5206 DMZ\u3001internal \u7db2\u6bb5\uff0c\u5e0c\u671b\u6bcf\u500b\u7db2\u6bb5\u8d70\u5404\u81ea\u7684 WAN port \u51fa\u53bb\u4e92\u4e0d\u5e72\u64fe\uff0c\u9019\u6642\u5019\u5c31\u5fc5\u9808\u8a02\u5b9a policy route\u3002\u6bcf\u500b\u7db2\u6bb5\u57fa\u672c\u4e0a\u8981\u67092\u689d policy route\uff0c\u4ee5 internal \u70ba\u4f8b:<\/p>\n<ol>\n<li>incoming interface <strong>internal<\/strong>\uff0csource <strong>192.168.1.0\/24<\/strong> (internal subnet)\uff0cdestination <strong>192.168.2.0\/24 <\/strong>(dmz subnet)\uff0coutgoing interface dmz<\/li>\n<li>incoming interface <strong>internal<\/strong>\uff0csource <strong>192.168.1.0\/24<\/strong> (internal subnet)\uff0cdestination <strong>0.0.0.0\/0.0.0.0<\/strong> (dmz subnet)\uff0coutgoing interface wan1<\/li>\n<\/ol>\n<p>WAN1\u3001WAN2 default gateway \u7684 distance \u8a2d\u6210\u4e00\u6a23\uff0cfirewall policy \u8a2d\u5b9a DMZ \u8d70 WAN1 NAT \u51fa\u53bb\uff0cinternal \u8d70 WAN2 NAT \u51fa\u53bb\uff0c\u9019\u6a23\u5167\u90e8\u7db2\u6bb5\u53ef\u4ee5\u4e92\u901a\uff0c2\u500b\u7db2\u6bb5\u6709\u5404\u81ea\u7684\u983b\u5bec\u4e5f\u4e92\u4e0d\u5e72\u64fe\u3002<\/p>\n<p><strong>[ratings]<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u539f\u5ee0\u7684\u9019\u4efd \u4ea4\u4ef6 \u6709\u975e\u5e38\u8a73\u76e1\u7684\u4ecb\u7d39\uff0c\u6211\u628a\u6e2c\u8a66\u904e\u7684\u90e8\u4efd\u7c21\u55ae\u7684\u4ecb\u7d39\u4e00\u4e0b\u3002 Load balancing \u9019\u90e8\u4efd\u7684\u61c9\u7528\u662f\u628a\u5c0d\u5916\u7684\u6d41\u91cf\u5206\u6563\u5230 2 \u689d WAN \u4e0a\uff0c\u81f3\u65bc\u8d70\u90a3 1 \u689d\u96fb\u8def\u7531 FortiGate \u6c7a\u5b9a\uff0c\u6240\u4ee5\u5167\u90e8 NAT \u51fa\u53bb\u7684\u9023\u7dda\u53ef\u80fd\u9019\u6b21\u5e36 WAN1 IP\uff0c\u4e0b\u6b21\u5e36 WAN2 IP\uff0c\u5982\u679c\u6709\u7528 ISP \u7684\u670d\u52d9\uff0c\u800c\u8a72\u670d\u52d9\u6703\u8a8d IP \u7684\u8a71\u8981\u7279\u5225\u6ce8\u610f(\u4f8b\u5982 SMTP)\u3002 \u8a2d\u5b9a\u90e8\u4efd\u57fa\u672c\u4e0a 2 \u689d WAN port \u90fd\u8981 UP\uff0c\u800c\u4e14\u90fd\u8981\u6709 default gateway\uff0c\u4e5f\u5c31\u662f\u5728 FortiGate \u4e0a\u6703\u770b\u5230 2 \u689d default gateway\u3002\u91cd\u9ede\u662f\u9019 2 \u500b default gateway \u7684 distance \u8981\u8a2d\u4e00\u6a23\uff0cFortiGate \u6703\u512a\u5148\u4f7f\u7528 distance \u503c\u5c0f\u7684\u8def\u7531\uff0c\u8a2d\u4e00\u6a23\u5247\u6703\u52d5\u614b\u9078\u64c7\u4e00\u689d\u8def\u7531\u51fa\u53bb\u3002\u53e6\u5916 firewall NAT policy \u5982\u679c\u539f\u672c\u662f internal [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[59,60],"class_list":["post-94","post","type-post","status-publish","format-standard","hentry","category-security","tag-fortigate","tag-wan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.amjet.biz\/IT\/index.php?rest_route=\/wp\/v2\/posts\/94","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.amjet.biz\/IT\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.amjet.biz\/IT\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.amjet.biz\/IT\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.amjet.biz\/IT\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=94"}],"version-history":[{"count":6,"href":"https:\/\/blog.amjet.biz\/IT\/index.php?rest_route=\/wp\/v2\/posts\/94\/revisions"}],"predecessor-version":[{"id":710,"href":"https:\/\/blog.amjet.biz\/IT\/index.php?rest_route=\/wp\/v2\/posts\/94\/revisions\/710"}],"wp:attachment":[{"href":"https:\/\/blog.amjet.biz\/IT\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=94"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.amjet.biz\/IT\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=94"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.amjet.biz\/IT\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=94"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}