FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Community Manager
Community Manager
Article Id 190395



This article describes specificity when changing Internet Service Providers.







When changing ISP's follow the steps listed below :


  1. Change the external IP on the interface (System -> Network -> Edit Interface).
    Network -> Interfaces -> Edit.
  2.  Delete old static routes (Router -> Static).
    Network -> Static Routes -> Delete.
  3.  Create new static routes (Router->Static).
    Network -> Static Routes -> Create New.
  4.  Kill all active sessions on the device
    From GUI


dia sys session filter sintf <WAN>  dia sys session clear

dia sys session filter dintf <WAN>
dia sys session clear


  1. Change the external IP's on VIP if there are any
  2. If needed, reconfigure the DNS servers on the device (System -> Network -> Options).
    Network -> DNS.
  3. Sometimes after changing the service provider [ISP] arp entry is not registered as expected on FortiGate, make sure to verify the arp entry for the gateway:


get system arp


If the ARP is not registered try to ping the gateway IP of the service provider to verify connectivity and mac address arp entry:


execute ping-option source x.x.x.x [WAN ip address]

execute ping x.x.x.x [ISP gateway IP]

When defining the new Static Route leave the Destination IP and Mask as, select the external interface for the unit, define the Gateway received from the Internet Service Provider, and leave the Distance set to 10.

To clear all active sessions type FGT# diag sys session clear