Created on
10-07-2022
07:44 AM
Edited on
01-08-2025
11:38 PM
By
jintrah_FTNT
Description
This article describes the process of adding or configuring multiple IPs on a FortiGate interface.
Scope
Quick addition of secondary IP from the command line as well as GUI.
Solution
To configure another IP than the already defined one, enable this feature first:
In CLI:
config system interface
edit <name>
set secondary-IP enable
end
In GUI:
Then, one can set up the IP as follows:
In CLI:
config system interface
edit <name>
config secondaryip
edit 1
set ip 10.106.107.108 255.255.255.0
next
edit 2
set ip 10.106.107.109 255.255.255.0
next
end
In GUI, access to these new IPs can be easily added:
Benefits of using Secondary WAN IP:
It depends on the destination network. For example, if anyone is trying to reach the subnet the same as the primary IP, then it will use the primary IP and if it wants to reach the subnet as a secondary IP, then it will use the secondary IP. If the destination is part of the secondary IP or the gateway is a secondary IP subnet, then it will use a secondary IP, or else it will use a primary IP. For reaching secondary WAN IP from different subnets other than secondary WAN ip subnet, a valid return/default route may have to be additionally created.
Multiple secondary IP's can be configured on the same physical interface, thereby reducing the need for additional physical interfaces for connectivity.
It is possible to consider secondary IP as a separate virtual interface, functionality will be the same as a separate virtual interface.
The only difference is, that both traffic, will use the same physical interface.
Limitations:
It is not possible to configure a secondary IP address using a DHCP or PPPoE.
The total Bandwidth available for all the connections across primary and secondary IP(s) is however limited by the parent physical interface capacity.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.