RBA
Staff
Article Id 423365
Description This article describes how to assign different IP pools for tunnel and edge devices.
Scope FortiSASE.
Solution

By default, tunnel and edge devices are assigned an IP address from the 100.65.0.0/16 range.

To change the IP pools, perform the steps below.

Navigate to Network -> IP management -> IPAM. The default pool will be configured as follows:

[Image: Screenshot 2025-12-16 165651.png]

The following subnets can be used.


100.65.0.0/16 (default)
10.0.0.0/8
100.64.0.0/10
172.16.0.0/12
192.168.0.0/16

 

Additional information is available in the FortiSASE documentation: Remote VPN and edge device user identification.

After changing IP pools, users will be assigned an IP from the selected range:

IPAM:

[Image: Screenshot 2025-12-16 165731.png]

FortiClient:

[Image: Screenshot 2025-12-16 170910.png]

The user connection and endpoint entries under Monitoring -> Status show the newly assigned IPs for the user client:

[Image: Screenshot 2025-12-16 171119.png]