FortiGate
AlexC-FTNT
Staff
Article Id 226046

Description

 

This article describes the process of adding or configuring multiple IPs on a FortiGate interface.

 

Scope

 

Quick addition of a secondary IP from the command line as well as from the GUI.

 

Solution

 

To configure an IP address in addition to the one already defined on the interface, first enable the secondary IP feature:

 

In CLI:

 

config system interface
    edit <name>
        set secondary-IP enable
    next
end

 

In GUI: 

 

[Screenshot: AlexCFTNT_0-1665150939391.png]

 

Then set the secondary IP addresses as follows:

 

In CLI:

 

config system interface
    edit <name>
        config secondaryip
            edit 1
                set ip 10.106.107.108 255.255.255.0
            next
            edit 2
                set ip 10.106.107.109 255.255.255.0
            next
        end
    next
end

 

In the GUI, access to these new IPs can be added easily:

 

[Screenshot: AlexCFTNT_1-1665151207823.png]

 

Benefits of using Secondary WAN IP:

Which address is used depends on the destination network. For example, traffic to a destination in the same subnet as the primary IP uses the primary IP, and traffic to a destination in the same subnet as a secondary IP uses that secondary IP. Put another way: if the destination is in a secondary IP subnet, or the gateway is in a secondary IP subnet, the secondary IP is used; otherwise the primary IP is used.
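The selection rule described above can be checked offline against a configuration snippet. The following is an added example, not Fortinet code and not part of the original article: it models the rule as the article states it, and the interface name "wan1", the primary address 192.0.2.1/24 and the function names are assumptions. It handles a single interface block.

```python
import ipaddress
import re

# Constructed sample: the article's secondary IPs plus an assumed primary IP
# (the name "wan1" and 192.0.2.1/24 are not from the article).
SAMPLE_CONFIG = """
config system interface
    edit "wan1"
        set ip 192.0.2.1 255.255.255.0
        set secondary-IP enable
        config secondaryip
            edit 1
                set ip 10.106.107.108 255.255.255.0
            next
            edit 2
                set ip 10.106.107.109 255.255.255.0
            next
        end
    next
end
"""

def parse_interface_ips(text):
    """Return (primary, [secondaries]) as ipaddress.IPv4Interface objects."""
    primary, secondaries, in_secondary = None, [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "config secondaryip":
            in_secondary = True
        elif line == "end":
            in_secondary = False
        m = re.fullmatch(r"set ip (\S+) (\S+)", line)
        if m:
            iface = ipaddress.IPv4Interface(f"{m.group(1)}/{m.group(2)}")
            if in_secondary:
                secondaries.append(iface)
            else:
                primary = iface
    return primary, secondaries

def select_source(primary, secondaries, destination, gateway=None):
    """Article's rule: use a secondary IP if the destination or the gateway
    is in its subnet, otherwise the primary IP (first match wins here)."""
    targets = [ipaddress.IPv4Address(a) for a in (destination, gateway) if a]
    for sec in secondaries:
        if any(t in sec.network for t in targets):
            return str(sec.ip)
    return str(primary.ip)
```
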

 

A secondary IP can be thought of as a separate virtual interface: the functionality is the same as that of a separate virtual interface.

The only difference is that traffic for both addresses uses the same physical interface.

 

Limitations:

It is not possible to configure a secondary IP address using DHCP or PPPoE.