papapuff
New Member
May 26, 2025
Question

2 IP on 1 interface

Hi,

I've created a secondary IP address on a certain interface (Internal 2), so we can say Internal 2 has 2 IPs:

ip-1 and ip-2

Can I make:

a certain host (computer) from ip-1 communicate with a specific IP address on ip-2?

If they were on different interfaces, I could make a policy route; how about in this case?

Kindly please advise.

Thank you

3 replies

AEK
SuperUser
May 26, 2025

Hi

Just add a firewall rule like this:

  • srcintf: internal2
  • dstintf: internal2
  • src: some-IP-from-subnet1
  • dst: some-IP-from-subnet2
  • service: ping, https, ... etc
AEK
papapuff (Author)
New Member
May 28, 2025

Somehow it is still not working.

You are referring to the Firewall policy, correct?

AEK
SuperUser
May 28, 2025

correct

AEK
ede_pfau
SuperUser
May 29, 2025

My guess is that the FGT silently drops traffic to/from the secondary IP because it doesn't know where to route it.

Primary addresses always get a "connected" static route immediately.

Secondary addresses? Have a look at Dashboard - Network - Routing.

If there is no route for the secondary address / its subnet, then add one in Network - Static routes.

Of course, with more time and opportunity, you could just debug this with "diag debug flow".

AEK
SuperUser
June 2, 2025

Try this command sequence, redo the ping tests and share the debug logs.

diag debug flow filter addr x.x.x.x
diag debug console timestamp enable
diag debug flow show iprope enable
diag debug flow show function-name enable
diag debug flow trace start 100
diag debug enable

AEK
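
Added example, not part of the thread and not Fortinet tooling: a small Python triage of the output that the debug flow command sequence above produces, reporting per trace whether a route was found and which policy allowed or denied the packet. The sample lines, addresses and message patterns are constructed from typical output and are assumptions; adjust the patterns to what your firmware actually prints.

```python
import re

# Constructed sample (made-up addresses and ids), shaped like typical "diag debug flow" output.
SAMPLE = '''\
id=65308 trace_id=1 func=print_pkt_detail line=5892 msg="vd-root:0 received a packet(proto=1, 192.168.10.50:1->192.168.20.60:2048) from internal2. type=8, code=0, id=1, seq=1."
id=65308 trace_id=1 func=vf_ip_route_input_common line=2615 msg="find a route: flag=00000000 gw-192.168.20.60 via internal2"
id=65308 trace_id=1 func=fw_forward_handler line=990 msg="Denied by forward policy check (policy 0)"
id=65308 trace_id=2 func=print_pkt_detail line=5892 msg="vd-root:0 received a packet(proto=6, 192.168.10.50:51514->192.168.20.60:443) from internal2. flag [S], seq 1, ack 0, win 64240"
id=65308 trace_id=2 func=vf_ip_route_input_common line=2615 msg="find a route: flag=00000000 gw-192.168.20.60 via internal2"
id=65308 trace_id=2 func=fw_forward_handler line=1150 msg="Allowed by Policy-7:"
'''

LINE = re.compile(r'trace_id=(\d+) func=(\S+) line=\d+ msg="(.*)"')
PKT = re.compile(r'received a packet\(proto=(\d+), (\S+)->(\S+)\) .*?from (\S+?)\.(?:\s|$)')
ROUTE = re.compile(r'find a route: .* via (\S+)')
VERDICTS = [  # (pattern, label), checked in order against each msg
    (re.compile(r'Denied by forward policy check \(policy (\d+)\)'), "denied-by-policy"),
    (re.compile(r'Allowed by Policy-(\d+)'), "allowed-by-policy"),
    (re.compile(r'reverse path check fail'), "rpf-drop"),
]

def triage(text):
    """Group flow-trace lines by trace_id and summarize each packet's fate."""
    traces = {}
    for raw in text.splitlines():
        m = LINE.search(raw)  # search() tolerates a leading console timestamp
        if not m:
            continue
        t = traces.setdefault(int(m.group(1)), {"route_via": None, "verdict": "unknown", "policy": None})
        msg = m.group(3)
        if (p := PKT.search(msg)):
            t.update(proto=int(p.group(1)), src=p.group(2), dst=p.group(3), in_if=p.group(4))
        elif (r := ROUTE.search(msg)):
            t["route_via"] = r.group(1)
        else:
            for pat, label in VERDICTS:
                if (v := pat.search(msg)):
                    t["verdict"] = label
                    t["policy"] = int(v.group(1)) if v.groups() else None
                    break
    for t in traces.values():
        # No route line and no verdict fits the "no route" guess made in the thread.
        if t["route_via"] is None and t["verdict"] == "unknown":
            t["verdict"] = "no-route-seen"
    return traces

if __name__ == "__main__":
    for tid, t in triage(SAMPLE).items():
        print(tid, t.get("src"), "->", t.get("dst"), "via", t["route_via"], t["verdict"], t["policy"])
```

A "denied-by-policy" result with policy 0 means no configured firewall policy matched the packet, which points at the policy's interfaces, addresses or services rather than at routing.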