FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
kanand
Staff
Staff
Article Id 311867
Description This article describes how to use of /31 subnet mask on FortiGate interface for point-to-point networks especially ISP connections.
Scope FortiGate v6.0 and above.
Solution

To preserve IPv4 address space, point-to-point networks can employ a 31-bit subnet mask, as outlined in RFC 3021.

Unlike allocating four IP addresses with a 30-bit subnet mask in IPv4, a 31-bit subnet mask only utilizes two IP addresses: one with all bits set to zero and the other with all bits set to one in the host portion of the IP address.

These two addresses are designated as host addresses and do not necessitate broadcast support. As each transmitted packet from one host is invariably received by the other host, directed broadcast on a point-to-point interface becomes unnecessary.

 

kb.PNG

 

CLI Reference:

 

config system interface

    edit "port1"
        set vdom "root"
        set ip 37.24.248.2 255.255.255.254
        set allowaccess ping https HTTP
        set type physical
        set snmp-index 3
    next
end

 

No special command is required to assign a /31 IP address to an interface on FortiGate. Other IP addresses can be used as the gateway in static route configuration. In this case, that is 37.24.248.3.

 

The ARP entry of the gateway can be viewed on the FortiGate by running the command:

 

get system arp

 

FortiOS supports RFC 3021.

 

Related document:

What's new

 

 

 

Contributors