Hi,
I’m testing our implementation of a new MikroTik router and I’m stuck with a loop between our MikroTik and our FortiGate test router.
We are going to replace two Juniper SSG routers with one MikroTik.
We have two internet connections on the MikroTik, replicating what we have right now on both routers, so we have two static routes for 0.0.0.0, one via each individual ISP gateway.
Each of these IPs is set up on our FortiGate router on two interfaces, and it has one static route only, for one of the ISPs.
The reason is that we have an interconnection for one of the ISPs, but the other one is configured in transparent mode.
I have set up a bridge for the in/out on the MikroTik for the transparent ISP (A).
I have set up an any/any policy in the firewall so I do not get issues and can focus on routing first.
I have set up a mangle prerouting rule pre-marking “main” from 10.10.10.0/24 to 10.10.20.0/24 (same result with or without).
I have set up a mangle prerouting rule pre-marking “main” from 10.10.20.0/24 to 10.10.10.0/24 (same result with or without).
I have set up a mangle prerouting rule indicating that from 10.10.10.0/24 we should use the static route going to ISP B.
I have set up a mangle prerouting rule indicating that from 10.10.20.0/24 we should use the static route going to ISP A.
Our issue is that packets from client X cannot reach client Y.
Client Y to X is working fine.
From the MikroTik, I can ping client Y and our FortiGate as long as I do not specify a source interface linked to the traffic of ISP B. A debug on the FortiGate shows that packets do not reach it if an interface is specified, showing that the packets do not exit the MikroTik.
I’m not sure what I could be missing, so if anyone has any idea, it would be greatly appreciated.
Update: after multiple configurations and some tests with dst address in the mangle rules, it looks like I don’t need a mangle prerouting rule for ISP A originating IP addresses. The default route for ISP A is taken into account and traffic doesn’t try to go through ISP B (that would end in a mismatch on the FortiGate, with an unknown IP address reaching the interface of ISP B).
Now my question would be: is my setup correct? (Obviously it’s working, but to test full traffic to the internet I will have to swap my router on ISP A for the MikroTik.)
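A RouterOS rendering of the setup described in the post, added here as an example and not taken from the poster’s configuration: it assumes RouterOS v6 CLI syntax, and the gateway addresses, routing-mark names and the router’s own LAN address are placeholders. It also adds the output-chain mark that router-originated pings need, because traffic the router itself generates never traverses chain=prerouting.

```routeros
# Added example (not the poster's config). RouterOS v6 syntax assumed.
# 198.51.100.1 / 203.0.113.1 are placeholder ISP gateways; 10.10.10.1 is a
# placeholder for the router's own address in 10.10.10.0/24.
/ip firewall mangle
# LAN-to-LAN traffic is forced into the main table (the "main" pre-mark in the post);
# passthrough=no stops it from also hitting the per-ISP rules below.
add chain=prerouting src-address=10.10.10.0/24 dst-address=10.10.20.0/24 \
    action=mark-routing new-routing-mark=main passthrough=no comment="LAN to LAN, main table"
add chain=prerouting src-address=10.10.20.0/24 dst-address=10.10.10.0/24 \
    action=mark-routing new-routing-mark=main passthrough=no comment="LAN to LAN, main table"
# Per-source policy routing: 10.10.10.0/24 leaves via ISP B, 10.10.20.0/24 via ISP A.
add chain=prerouting src-address=10.10.10.0/24 \
    action=mark-routing new-routing-mark=to_ispB passthrough=no comment="clients -> ISP B"
add chain=prerouting src-address=10.10.20.0/24 \
    action=mark-routing new-routing-mark=to_ispA passthrough=no comment="clients -> ISP A"
# Packets originated by the router (e.g. "ping src-address=10.10.10.1 ...") only pass
# chain=output, so without this rule such a test ignores the prerouting marks above.
add chain=output src-address=10.10.10.1 \
    action=mark-routing new-routing-mark=to_ispB passthrough=no comment="router-originated -> ISP B"

/ip route
# Marked default routes are consulted first; the unmarked ones are the main-table fallback.
add dst-address=0.0.0.0/0 gateway=198.51.100.1 routing-mark=to_ispA check-gateway=ping \
    comment="ISP A default (placeholder gateway)"
add dst-address=0.0.0.0/0 gateway=203.0.113.1 routing-mark=to_ispB check-gateway=ping \
    comment="ISP B default (placeholder gateway)"
add dst-address=0.0.0.0/0 gateway=198.51.100.1 distance=1 comment="main table default via ISP A"
add dst-address=0.0.0.0/0 gateway=203.0.113.1 distance=2 comment="main table fallback via ISP B"
```

Checking `/ip route print where routing-mark=to_ispB` and `/ip firewall mangle print stats` after a test shows whether the marked route exists and whether the expected rule actually counted the packets.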
