FortiWAN Configurations

Policy Settings: A/AAAA Record Policy

An A/AAAA record policy defines how to dynamically answer to the requests for an A/AAAA record according to traffic loading of WAN links, which achieve the inbound load balancing. The basic items to define a policy are the load balancing algorithm and the related WAN parameters. By associating an A/AAAA record with a policy, Multihoming can determine a good WAN link among the candidates and answer the WAN port IP to the requests for the A/AAAA record. Click the add button to create a new policy and get the following settings configured.

Policy Name Enter a name to the A/AAAA record policy. The policy name will be listed in the To Policy drop-menu of an A/AAAA configuration for assigning a policy to an A/AAAA record.
T Check to enable threshold function to the policy.

Administrators can configure the downstream and upstream threshold of each

WAN link on the configuration page of WAN Setting (See “Configuring your WAN”). WAN links with traffic that exceeds the threshold values will be considered as failed to Multihoming, and the other WAN links will be replied according to the configured A / AAAA Record Policy.

Algorithm Select an load balancing algorithm from the drop-down menu for this A/AAAA policy. Multihoming determines a WAN link among the candidates according to the selected algorithm and replies its IP to requests for a A/AAAA record. The algorithms for options are:

l    By Weight: selects a WAN link by weighted round-robin. l By Downstream: selects a WAN link with the lightest downstream traffic load. l By Upstream: selects a WAN link with the lightest upstream traffic load. l By Total Traffic: selects a WAN link with the lightest total traffic load.

l    By Optimum Route: selects the best WAN link according to “Optimum Route

Detection”. l By Static: answers to queries with the specified static IP addresses.

See Load Balancing Algorithms for the details.

Policy Advanced Setting Set the WAN parameters to the selected algorithm for this policy. By clicking the add button aside the WAN Link field, you add one or more WAN links to the policy for the select algorithm. The algorithm selects one of them for Multihoming to reply a DNS query. For algorithm By Static, only the IP addresses are required, no WAN link is involved. Click the add button to add one or more static IPs for it. The followings are the WAN parameters need to be configured.
Show/Hide Details Click to expand or collapse the settings.
WAN Link Select the WAN link to be a candidate for the selected algorithm.

This field is not available for algorithm By Static, since Multihoming answers the static IPs to requests without evaluating traffic loading of WAN links.

IPv4/IPv6 Address Specify an IP address for Multihoming to answer to resolving requests when the defined WAN link is chosen by the algorithm.

By default, the first IP deployed on the localhost of the selected WAN link (see Configuring your WAN) is listed on the drop-down menu for an option, or you can specify another IP manually if multiple IPs are deployed on the WAN link. If the host is deployed in LAN (see Virtual Server), the IP address that Multihoming replies to requests of resolving the host must be an IP deployed on the WAN’s localhost. If the host is deployed in DMZ of a WAN link, then you can directly specify the IP (an IP of the DMZ subnet) of the host here.

For algorithm By Static, there is no default IP listed for options. Specify it manually.

Weight Specify the weight to the WAN link. This is only available for algorithm By Weight. Weighted round-robin determines a WAN link from the candidates according to the weight of each WAN link.

Domain Settings

Non-relay mode Multihoming not only performs the inbound load balancing, but also manages domains and resolves hostnames. Thus, Multihoming supports the resource records, NS, A/AAAA, CName, DName, SRV, MX and TXT, for a managed domain. Among the records, A/AAAA records are required to associate with predefined policies to achieve the idea of inbound load balancing. It contains the following settings to get a domain configured to Multihoming: basic domain information, DNSSEC, related resource records and external subdomain of the domain.

The table below configures Domain Settings: multihoming domain names, DNS servers names (for querying domain), and answering policies to be applied when being given a prefix of the domain name.


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

This entry was posted in Administration Guides, FortiWAN on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.