FortiGate
fsoares
Staff
Article Id 273266
Description

 

This article describes IPoE (IP over Ethernet), a common method for delivering internet connectivity to homes and businesses.

It is an evolution of older technologies like PPPoE (Point-to-Point Protocol over Ethernet) and is widely used in modern broadband networks. This article addresses the scenario where the ISP provides two sets of IP addresses:

  • Connection IP: The first set of IPs received from the ISP is the public IP address that is assigned to the device. This is the IP address that the wider internet sees when the business connects to online resources. It is essential for routing data between the network and the internet.
  • Routing IP: The second set of IPs received is related to routing or administrative purposes. ISPs often allocate additional IP addresses for network management, Quality of Service (QoS) configurations, or other internal purposes. These addresses might not be visible to or directly used by your devices.

 

Step-by-Step Overview.

  1. Configure WAN Interface with Routing IP.
  2. Configure Interface with Connection IP as secondary IP.
  3. Create an IP pool from which to perform NAT.
  4. Configure outgoing firewall policies with NAT pool from point 3.
  5. Change FortiGate self-generated traffic source-ip, to avoid communication issues with FortiGuard.

 

Step-By-Step:

  1. Configure Interface with Routing IP.
  2. Configure Interface with Connection IP as secondary IP.


[Screenshot: Step 1 and 2]

     

  • Make sure the gateway points towards the Routing network gateway.

      [Screenshot: static_route.png]

 

  3. Create an IP pool from which to perform NAT:

 

[Screenshots: Step 3, step3_2.png]

 

  4. Configure outgoing firewall policies with NAT pool from point 3:

 

[Screenshot: Step 4]

 

  5. To change the source IP of FortiGate self-generated traffic, and so avoid communication issues with FortiGuard, refer to the related article:

Technical Note: How to control/change the FortiGate source IP for self-generated traffic
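
Steps 1 to 4 above, written as FortiOS CLI. This is an added example, not configuration taken from the original article. The interface names (wan1, internal), the pool and policy names, the documentation-range addresses (198.51.100.0/30 as the Routing network, 203.0.113.0/29 as the Connection network), and the use of the Connection IP as the NAT pool address are all assumptions.

```fortios
# Steps 1-2: Routing IP as the primary address, Connection IP as secondary (constructed addresses)
config system interface
    edit "wan1"
        set mode static
        set ip 198.51.100.2 255.255.255.252
        set secondary-IP enable
        config secondaryip
            edit 1
                set ip 203.0.113.1 255.255.255.248
            next
        end
    next
end
# Default route points at the gateway of the Routing network
config router static
    edit 1
        set gateway 198.51.100.1
        set device "wan1"
    next
end
# Step 3: IP pool used for source NAT (assumed here to hold the Connection IP)
config firewall ippool
    edit "connection-ip-pool"
        set type overload
        set startip 203.0.113.1
        set endip 203.0.113.1
    next
end
# Step 4: outgoing policy that NATs to the pool instead of the interface address
config firewall policy
    edit 1
        set name "lan-to-internet"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set ippool enable
        set poolname "connection-ip-pool"
    next
end
```

After applying it, `get router info routing-table all` should list the default route via the Routing network gateway on wan1.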