Fortigate 1000c – Do You Need to Reboot After Modifying Static Route?


I am using a Fortigate 1000c working in NAT mode. It has two WAN connections (WAN1 and WAN2). I am using a static route.

For some reasons, there are many firewalls and routers (Cisco, TP-Link and so on) connected to it from inside on a specific VLAN (i.e. VLAN-42, used for routers), and the routers have static local IPs.

When I changed the route of this VLAN (in the Fortigate) and forced it to go out via WAN2 instead of WAN1, the routers couldn't access the internet until rebooting?!

So, why do they have to reboot their router after I change the static route? Because the ones who rebooted got the internet service, but the others stayed stuck with no internet access for two days; after that, they rebooted and got connected.

Many thanks.

Best Answer

Just a guess, but a possible cause of this is the presence of active NAT translations.

Since there are existing translations in the NAT table, the connections from the internal devices will match those translations, which are valid for WAN1, and try to go out WAN1. Since the route doesn't exist anymore, the connections fail.

Each attempt will refresh the timeout of the NAT entry, and so the issue persists until the NAT table is cleared.
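The FortiOS CLI sequence below is an added example, not part of the question or the answer, for verifying the stale-session hypothesis and clearing the affected entries without waiting for a reboot. It assumes VLAN-42 is 10.42.0.0/24 behind wan2, that 10.42.0.10 is one of the affected routers, and that the `snat-route-change` global setting is present on the firmware running on this unit; all three are placeholders/assumptions to check against the real deployment.

```fortios
# Added example (not from the question or the answer): FortiOS CLI commands to
# confirm and clear stale NAT sessions after a static route change.
# Placeholders: VLAN-42 = 10.42.0.0/24, affected router = 10.42.0.10.

# 1. Confirm the routing table now sends the VLAN's traffic out wan2.
get router info routing-table all

# 2. Inspect the existing sessions of one affected router.
diagnose sys session filter clear
diagnose sys session filter src 10.42.0.10
diagnose sys session list
#   In each entry, compare the outbound "dev=" (interface index) and "gwy="
#   fields with wan2's index and gateway. An entry still pointing at wan1 is a
#   session created before the route change; its "expire=" timer is the value
#   that every retransmission resets, which is why it never ages out on its own.

# 3. Clear only the sessions matched by the filter set in step 2.
#    WARNING: "diagnose sys session clear" with NO filter drops every session
#    on the firewall (VPN tunnels and admin sessions included).
diagnose sys session clear

# 4. Optional: let FortiOS re-route existing SNAT sessions on future route
#    changes. Assumption: this option exists on the firmware of this 1000C;
#    check "config system global" / "set snat-route-change ?" first.
config system global
    set snat-route-change enable
end
```

Running step 2 before and after the route change on a single test host is the cheapest way to prove or disprove the answer's guess: if the stale entries disappear and the router regains connectivity right after step 3, the session table was the culprit and the reboot was only clearing those entries from the client side by forcing new source ports.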
