FortiGate
Nishtha_Baria
Article Id 275844
Description

This article describes how to add one IP in a One-to-One IP Pool.

Scope

FortiGate.
Solution

When using a One-to-One IP Pool, it is required to enter a range of IPs. On some occasions, however, the mapped IP address needs to be just one IP.

For example:

In the following screenshot, an entry of just one IP address is considered invalid.

invalidiprange.jpeg

Other similar entries that will also be considered invalid:

10.10.10.10/32

10.10.10.10 255.255.255.255

The correct approach is to set the start IP and the end IP to the same address.

From CLI:

config firewall ippool
    edit "DMZ SNAT"
        set type one-to-one
        set startip 10.10.10.10
        set endip 10.10.10.10
    next
end

From GUI:

validip.jpeg

This ensures that the mapping consists of only one IP and is in a valid format.
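
The following Python helper is an added example, not part of the original article or of any Fortinet tooling. It could sit in a configuration-generation script: it accepts the single-address forms that the IP Pool entry rejects and emits the CLI stanza shown above with startip equal to endip. The function names are hypothetical, and the helper goes slightly beyond the article by refusing any mask that covers more than one host.

```python
import ipaddress


def single_host(spec: str) -> str:
    """Reduce 'a.b.c.d', 'a.b.c.d/32' or 'a.b.c.d 255.255.255.255' to one IPv4 address.

    Raises ValueError for malformed input or for a mask wider than a single host.
    """
    parts = spec.replace("/", " ").split()
    if not 1 <= len(parts) <= 2:
        raise ValueError(f"unrecognised address spec: {spec!r}")
    addr = ipaddress.IPv4Address(parts[0])  # raises a ValueError subclass if malformed
    if len(parts) == 2:
        # IPv4Network accepts both a prefix length and a dotted netmask after the slash.
        net = ipaddress.IPv4Network(f"{addr}/{parts[1]}", strict=False)
        if net.prefixlen != 32:
            raise ValueError(f"{spec!r} covers {net.num_addresses} addresses, not one")
    return str(addr)


def ippool_stanza(name: str, spec: str) -> str:
    """Render a one-to-one IP pool whose start and end IP are the same address."""
    # Refuse characters that would break out of the quoted pool name in the CLI.
    if not name or any(c in name for c in '"\\\r\n'):
        raise ValueError("pool name must be non-empty, without quotes, backslashes or newlines")
    ip = single_host(spec)
    return "\n".join([
        "config firewall ippool",
        f'    edit "{name}"',
        "        set type one-to-one",
        f"        set startip {ip}",
        f"        set endip {ip}",
        "    next",
        "end",
    ])


if __name__ == "__main__":
    # Constructed sample inputs: the forms the article lists as invalid in the pool entry.
    for sample in ("10.10.10.10", "10.10.10.10/32", "10.10.10.10 255.255.255.255"):
        print(ippool_stanza("DMZ SNAT", sample), end="\n\n")
```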

Because the pool is valid, it can be used in a firewall policy by enabling NAT, choosing ‘Use Dynamic IP Pool’, and selecting the IP Pool just created.

firewallippool.jpeg


Related article:

Technical Tip: How to configure SNAT with IP pool