Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
gagandeeps
Staff
Staff

Created on ‎12-09-2024 09:45 PM

Article Id 361175

Troubleshooting Tip: Creating a static route and changing the VRF after adding overlapping subnet on different interfaces

Description The article describes, how to add an overlapping subnet on a different interface(s) and resolve routing issues.
Scope FortiGate.
Solution

To use the same subnet on more than one interface, it is required to enable overlap-subnet

 

  1. Use the following commands to configure the overlap subnet:

 

config system settings

    set allow-subnet-overlap enable

 end

 

OLS-2.JPG

 

OLS-2.JPG

 

OLS-2.JPG

 

In the above example, the configuration of an alternate WAN port in the same subnet range. This will allow to use of an IP on

same subnet as the existing outgoing WAN.

 

  1. Any interface on the same subnet as the current WAN interface(s) must have a different VRF ID as the other or else there will be routing problems. The WAN(port1) interface is VRF0. Use VRF 1 for the considered networks using the alternate internet interface i.e WAN port-Alternate(port10)

 

OLS-3.JPG

 

ols-4.JPG

 

  1. Create the static route using the same gateway IP as WAN (port1):

 

OLG-5.JPG
275
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.