andrew_ang
New Member
May 19, 2017
Question

FortiGate Routing + WAN LLB + NAT Policy

  • May 19, 2017
  • 2 replies
  • 5968 views

Hello,

 

I'm running into problems setting up a secondary WAN to be added into the LLB. Specifically the NAT Policy.

 

Our ISP provided us a media converter but no L3 router to our office. They gave us a /30 address block for the provider edge (PE) and customer (CE) IP, and another /28 address block that's already been routed.

 

Address info below (Not real of course):

 

PE/CE: 10.188.30.140/30 (141 for PE, 142 for CE)

Usable Address Block: 10.188.65.48/28 

 

I'm trying to figure out how I can use the Usable Address Block in the WAN LLB for port2, and all policies to use this block for NAT translation. But adding it to WAN LLB, I need to specify that the gateway is 10.188.30.141, and by default, this translates the NAT address to 10.188.30.142 (CE block). 

 

Is there any way for me to set up a virtual-router-like function in FortiGate, and then have port2 have the 65.48 block, and have it do the NAT translation from there?

 

Help on setting this up would be appreciated.

 

Thanks.

 

Andrew

    2 replies

    andrew_ang
    New Member
    May 20, 2017

    Anyone?

    andrew_ang
    New Member
    May 20, 2017

    Anyone? -- oops. double post. sorry.

    MikePruett
    New Member
    May 21, 2017

    Sounds like they gave you the /30 and then routed the usable block to that IP that should be used for your WAN address. (so your usable space has to go to the .142 as your device will be the router for that subnet)

     

    That means you can't do what you want. You will need a separate provider.

    andrew_ang
    New Member
    May 22, 2017

    I did check that it works.

     

    From my understanding, I can have a router device between the media converter and the FortiGate that routes the /30 to the block that they gave me, and I can assign the CE address to one port (10.188.30.142), and one of the addresses in the WAN block (10.188.65.49). From there I can assign all the addresses to the FortiGate, and set its Gateway to 10.188.65.49.

     

    I just want to avoid having to have another routing device, and was wondering if I can do it on the FortiGate.