FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
AlexC-FTNT
Staff
Staff
Article Id 226046

Description

 

This article describes the process of adding or configuring multiple IPs on a FortiGate interface.

 

Scope

 

Quick addition of secondary IP from the command line as well as GUI.

 

Solution

 

To configure another IP than the already defined one, enable this feature first:

 

In CLI:

 

# config system interface

    edit <name>

      set secondary-IP enable 

  end 

 

In GUI: 

 

AlexCFTNT_0-1665150939391.png

 

Then, one can set up the IP as follows:

 

CLI:

 

# config system interface

   edit <name>

     config secondaryip
        edit 1
          set ip 10.106.107.108 255.255.255.0
        next

        edit 2

          set ip 10.106.107.109 255.255.255.0
        next

  end

 

In GUI, access to these new IPs can be easily added:

 

AlexCFTNT_1-1665151207823.png

 

Benefits of using Secondary WAN IP:

It depends on the destination network. e.g. if anyone is trying to reach the subnet the same as the primary IP, then it will use the primary IP and if it wants to reach the subnet as a secondary IP, then it will use the secondary IP. If the destination is part of the secondary IP or the gateway is a secondary IP subnet, then it will use a secondary IP, or else it will use a primary IP.

 

It is possible to consider secondary IP as a separate virtual interface, functionality will be the same as a separate virtual interface. The only difference is, that both traffic, will use the same physical interface.