stevo1030
New Member
February 15, 2021
Question

Two different Public IP addresses to be masked as one


Good Day all

 

I am in a predicament. I have 2 different service providers that have two different public IP addresses. We use an application from the States that is only able to use one public IP. The reason I have 2 different public IP addresses is that one is a failover. I need to make sure that if the second link kicks in due to power or provider issues, it reflects the same public IP as the main link. Is this even possible? I have read numerous posts but none seem to help me achieve my goal.

 

Please help.

 

Thank you in advance.

    1 reply

    sw2090
    SuperUser
    February 15, 2021

    I don't think that is possible the way you think.

    You can create WAN redundancy by using SD-WAN or adding more default routes with higher costs.

    Still, you will have to do DNAT with the IP the currently used WAN interface has.

    The other way round would be a routing/IP distribution issue on your ISP(s) side. I don't think they will do this.

     

    A "workaround" might be not to use the public IP but, on the opposite side, use an FQDN created by a dyndns service that points to the IP of your currently used WAN. This can be done by using the built-in FortiDDNS service in the FGT.

    stevo1030 (Author)
    New Member
    February 15, 2021

    Thank you for your quick response. So my efforts are actually in vain? I just really thought that this would be possible, like creating a trunk with the public IP, and all traffic that passes through that tunnel would reflect that public IP, sort of like masking.

     

    Thank you again.

    lobstercreed
    New Member
    February 15, 2021

    Hi Steven,

     

    The problem is you're only thinking of your environment, not how the Internet as a whole routes traffic.  ISP A owns your WAN 1 IP address and ISP B owns your WAN 2 IP address. 

     

    There is no mechanism in your situation for upstream providers to know that YOUR link with ISP A failed and they should now route your particular ISP A IP address to ISP B.  They don't even know you use ISP A and B, because they don't know you exist. 

     

    BGP is that mechanism for larger networks (i.e. if you owned your OWN addresses), but you'd need at least a /24 not to run into filtering issues.  Sebastian's idea of using dynamic DNS is your best shot.

     

    - Daniel
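
The dynamic DNS workaround suggested in the replies moves the work to the remote side, which has to re-resolve the FQDN and update its allowlist when the site fails over to the other ISP. A sketch of that refresh step follows as an added example (not code from the thread or from Fortinet); the hostname `branch.example.net`, the function names and the documentation-range addresses are assumptions constructed for illustration.

```python
from __future__ import annotations

import socket
from typing import Callable, Iterable


def resolve_ipv4(fqdn: str) -> set[str]:
    """Return the A records the system resolver currently gives for fqdn."""
    infos = socket.getaddrinfo(fqdn, None, family=socket.AF_INET)
    return {info[4][0] for info in infos}


def refresh_allowlist(
    fqdn: str,
    current: Iterable[str],
    resolver: Callable[[str], Iterable[str]] = resolve_ipv4,
) -> tuple[set[str], set[str], set[str]]:
    """Return (allowlist, added, removed) after re-resolving fqdn.

    On a lookup failure or an empty answer the last known-good allowlist is
    kept, so a DNS outage neither locks the site out nor opens the rule up.
    """
    known = set(current)
    try:
        resolved = set(resolver(fqdn))
    except OSError:  # socket.gaierror is a subclass of OSError
        return known, set(), set()
    if not resolved:
        return known, set(), set()
    return resolved, resolved - known, known - resolved


def simulate_failover() -> list[tuple[set[str], set[str], set[str]]]:
    """Replay constructed DNS answers: ISP A, failover to ISP B, DNS outage."""
    def dns_down(_name: str) -> set[str]:
        raise socket.gaierror("constructed lookup failure")

    answers = [lambda _n: {"198.51.100.10"}, lambda _n: {"203.0.113.20"}, dns_down]
    allowlist: set[str] = set()
    history = []
    for answer in answers:
        result = refresh_allowlist("branch.example.net", allowlist, resolver=answer)
        allowlist = result[0]
        history.append(result)
    return history


if __name__ == "__main__":
    for allowed, added, removed in simulate_failover():
        print(f"allow={sorted(allowed)} added={sorted(added)} removed={sorted(removed)}")
```

The refresh interval and the DNS record's TTL together bound how long the remote application keeps rejecting the site after a failover.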