Anthony_E
Community Manager
Article Id 190395

Description

 

This article describes the specific steps to follow when changing Internet Service Providers (ISPs).

 

Scope

 

FortiGate.


Solution

 

When changing ISPs, follow the steps listed below:

 

  1. Change the external IP on the interface (System -> Network -> Edit Interface, or Network -> Interfaces -> Edit).
  2. Delete old static routes (Router -> Static, or Network -> Static Routes -> Delete).
  3. Create new static routes (Router -> Static, or Network -> Static Routes -> Create New).

 

If updating an existing static route entry, make sure to update the gateway IP. Go to `Network -> Static routes`. Edit the default route 0.0.0.0 entry and provide the new gateway IP address on the static route.

 

To edit the static route from the CLI:

 

config router static
    edit <ID number>
        set gateway x.x.x.x      <----- New ISP gateway IP.
        set distance 10
        set device "port1"
    next
end

 

A warning may appear if the gateway IP from the previous Internet Service Provider is not updated to match the new provider’s IP gateway.

In the screenshot below, the warning shows that the Gateway IP 100.92.16.100 is not reachable via the New Service Provider IP range 10.9.11.3/20.

 

kb1.png
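
The reachability check behind this warning can be run offline against a configuration backup before the cutover. The Python script below is an added example, not Fortinet code; the function names are hypothetical and the sample configuration is constructed from the addresses shown in the warning above.

```python
import ipaddress

# Constructed sample: interface moved to the new ISP range, route still on the old gateway.
SAMPLE_CONFIG = """
config system interface
    edit "port1"
        set ip 10.9.11.3 255.255.240.0
    next
end
config router static
    edit 1
        set gateway 100.92.16.100
        set device "port1"
    next
end
"""

def parse_section(config, section):
    """Return {edit name: {setting: value}} for one top-level 'config <section>' block."""
    entries, current, depth, inside = {}, None, 0, False
    for line in map(str.strip, config.splitlines()):
        if line.startswith("config "):
            depth += 1
            inside = (line == "config " + section) if depth == 1 else inside
        elif line == "end":
            depth -= 1
            inside = inside and depth > 0
        elif inside and depth == 1 and line.startswith("edit "):
            current = entries.setdefault(line[5:].strip('"'), {})
        elif inside and depth == 1 and line.startswith("set ") and current is not None:
            key, _, value = line[4:].partition(" ")
            current[key] = value.strip().strip('"')
    return entries

def off_link_gateways(config):
    """List (route id, gateway, device, interface network) where the gateway is off-link."""
    interfaces = parse_section(config, "system interface")
    findings = []
    for route_id, route in parse_section(config, "router static").items():
        gateway = route.get("gateway")
        iface_ip = interfaces.get(route.get("device", ""), {}).get("ip")
        if not gateway or not iface_ip:
            continue  # no gateway set, or interface has no static IP (e.g. DHCP)
        network = ipaddress.ip_interface("/".join(iface_ip.split())).network
        if ipaddress.ip_address(gateway) not in network:
            findings.append((route_id, gateway, route["device"], str(network)))
    return findings

if __name__ == "__main__":
    print(off_link_gateways(SAMPLE_CONFIG))
```

An empty list means every static route's gateway falls inside the subnet configured on its outgoing interface.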

 

  4. If the interface is a member of an SD-WAN zone, update the gateway address under the SD-WAN member as described in 'Technical Tip: How to modify WAN IP settings when using SD-WAN'.
  5. Kill all active sessions on the device. From the CLI:

 

diagnose sys session filter sintf <WAN> 
diagnose sys session clear

diagnose sys session filter dintf <WAN>
diagnose sys session clear

 

  6. Change the external IP addresses on the VIP if there are any.
  7. If necessary, reconfigure the DNS servers on the device (System -> Network -> Options, or Network -> DNS).
  8. Sometimes, after changing the service provider (ISP), the ARP entry is not registered as expected on FortiGate. Make sure to verify the ARP entry for the gateway:

 

get system arp

 

If the ARP is not registered, try to ping the gateway IP of the service provider to verify connectivity and the MAC address ARP entry:

 

execute ping-option source x.x.x.x      <----- WAN IP address.
execute ping x.x.x.x      <----- ISP gateway IP.


Note:
When defining the new Static Route, leave the Destination IP and Mask as 0.0.0.0, select the external interface for the unit, define the Gateway received from the Internet Service Provider, and leave the Distance set to 10.


To clear all active sessions instead, run 'diagnose sys session clear' with no session filter set.

Related document:

Dual internet connections