Skip to main content
marc10k
marc10k
New Member
February 9, 2016
Question

Changing all the IPs in the firewall objects settings

  • February 9, 2016
  • 1 reply
  • 5803 views

Hello 

The Fortigate 60D is used for a small industrial network where it just does some NATing from IPv6 and IPv4 into IPv4. The complete network is installed inside the customers network. Security is not the most important because this is the customers responsibility. 

The internal IP addresses are always the same. Depending on the customers network infrastructure the external IP addresses does change. This results in over 140 changes in the virtual IP settings for IPv6 and IPv4. Up to now the configuration is downloaded, all the old IPs are replaced with the new one using a text editor and the configuration is uploaded again. This procedure can be prone to errors and the fault finding can be difficult because our on site technician is not a network guy. 

Is there a possibility to make this process easier like using a variable in the virtual IP settings or something else?

 

Marcus

1 reply

AndreaSoliva
AndreaSoliva
New Member
February 9, 2016

Hi

 

I can not follow to 100% but if you define a VIP with external address 0.0.0.0 and you define as example wan1 this will work which means the VIP Object will use always the IP which is at the moment on wan1. In many configurations within the FGT 0.0.0.0 means "dynamic config" using IP of interface or something like that.

 

hope this helps

 

Have fun

 

Andrea

marc10k
marc10kAuthor
New Member
February 9, 2016

Hello Andrea

Thank you for your answer. Your understanding is correct. It works fine with IPv4 and does what I want. I was just thinking too complicated. The Foritnet routers are still quite new for me. Is there a 0.0.0.0 IPv4 counterpart for IPv6? When I use 0:0:0:0:0:0:0:0 or :: as the external address I get "Input value is invalid." after try to save it.

 

Marcus

AndreaSoliva
AndreaSoliva
New Member
February 9, 2016

Hi

 

sorry no clou do not use IPv6 :) what you can do is go to CLI to find out what you have to define. If you go to cli with config firewall vip6 and you set extip 0:0:0:0:0:0:0:0 or :: it works :) Do the config over CLI and have a look. Can be a gui problem.

 

have fun

 

Andrea

Terms & ConditionsCookie settingsAccessibility statement