DMZ configuration of Fortigate 60E does work at Fortigate 90G.

Forum|Forum|11 months ago
July 1, 2025
2 replies
1033 views

Hello Experts,

We have aaa.bbb.209.136/28 global IP address range by provider. The connection is PPPoE.

As wan1 IP address, aaa.bbb.209.142 is set at unnumbered IP. At DMZ, aaa.bbb.209.137/28 is set.

Everything works at Fortigate 60E. Recently, we bought Fortigate 90G to replace it with.

However, the same IP addresses cannot be configured at Fortigate 90G.

When we try to set aaa.bbb.209.137/28 for DMZ, an error message such as

"overlapped network with wan1" is shown. How can we solve this situation?

For information, aaa.bbb.209.142 can be configured at 90G.

Thanks in advance and best regards,

FortiGate

Best answer by Yurisk

Without trying to understand the context - the setting to disable overlapping networks check is

set allow-subnet-overlap

Under config sys settings

kaman

Staff

Hi HT_JDC,

In FortiOS (especially in newer models like the 90G), if two interfaces have IPs within the same subnet, the system flags it as overlapping and prevents configuration—unless special routing techniques are applied.

Your WAN1 interface is using an IP (.142) within the same subnet as your DMZ (.137/28), which the FortiGate 90G now treats as conflicting.

As a solution, you can usea Secondary IP Address on DMZ
Instead of setting .137/28 directly on the DMZ interface, use a /32 host IP as a secondary IP.

If you have found a solution, please like and accept it to make it easily accessible to others.

Regards,