One WAN interface, multiple WAN IPs

Question

Hi folks,We're using the WAN1 interface on our FortiGate only, with IP 72.x.x.1. The internal subnets 10.x.x.x all go through this interface and IP. However, I've set up a new subnet on interface Dorm1, 192.168.1.x, and I want it to utilize a different WAN IP, 72.x.x.6 (which is in the same subnet as the primary WAN1 IP with the same ISP gateway). How can I accomplish this? I've read about creating VIPs, which we do use to map one external IP to one internal IP, but I'm not sure how to handle an entire subnet, AND ensuring that the outgoing traffic is through the other WAN IP as well. Thanks for any ideas, - Eric

ede_pfau · Accepted Answer

You are planning to NAT 2.046 addresses, or is there a typo in your address ranges?

If the mapped-to address is just one, each translation has to be mapped to a different port. There are 64K - 1K ports for this but...this number might be limited by the hardware/FortiOS combination. Have a look at the "Maximum Features matrix" available on docs.fortinet.com .

ede_pfau · Answer

Hi,

for outward traffic you would substitute the source address, not the destination address like in a VIP. Source NAT is done via "IP pool" (Firewall > Objects > IP pools). You can define an IP pool with just a single address (a.b.c.d/32) or a whole subnet.

In the LAN to WAN policy, check "NAT" and "specify address" and select the IP pool.

Check with a visit to whatsmyip.org or the like.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded