Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
srv4ever
New Contributor

3 ISPs with one public IP

My situation is this: I have 3 different ISPs: VIVO, TIM, and NET here in Brazil (1 Static IP and 2 Dynamic). I need to do 3 things:   1) Connect my 3 ISPs on one device.   2) I need to use only one public IP to connect to the internet. Every single workstation needs to connect through this IP as if there is only one ISP connected.   3) If the main link goes down, another link could assume its place but the same old public IP still must be used.  

Is there a way to do that? Any appliance, proxy, or DDNS?  

Thanks in advance.

   
4 Solutions
emnoc
Esteemed Contributor III

OP, why not engage SDWAN. Your 3x ISP is ideal for SDWAN. You set up 3x ports and cfg 3x subnets and set these are members in SDWAN

 

Ken Felix

 

PCNSE 

NSE 

StrongSwan  

View solution in original post

PCNSE NSE StrongSwan
sw2090
Honored Contributor

nope.

SDWAN enables you to use n WANs as one WAN for outgoing traffic.

If you want n WAN Lines with one IP you would need an aoutonomous subnet. Only those can be routed isp independent. But those are hard to get and expensive. And you need the neccessary technology to be able to announce routes...

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

View solution in original post

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
lobstercreed

As far as OP's question goes, this is of course impossible.  SD-WAN, zones, etc has no bearing. 

 

I keep seeing this question come up but it always has been and always will be impossible to use an IP that you don't own on a network that doesn't own that IP.  Routing 101...  It's like you moved to a different country but think that you can continue to use the old country's return address and your friends will somehow magically end up on your doorstep.

 

So the question for the OP is whether this "requirement" is truly a requirement or merely a preference?  If it's a true requirement, there is significant money and effort involved but clearly the bosses will pay if it's a requirement.

 

Otherwise, use SD-WAN like most folks and simply realize you may present the IP address of each of your WAN's depending on the route you take.  :)

View solution in original post

emnoc
Esteemed Contributor III

My thoughts ; unless he does BGP and have an allocation given, he is not going to use one single ip/subnet across 2 other ISPs. BCP38 egress filtering along will kill them. 

 

I would deploy SDWAN and if concern, set preference for ISP A over B or C  if required.

 

Ken Felix

 

PCNSE 

NSE 

StrongSwan  

View solution in original post

PCNSE NSE StrongSwan
14 REPLIES 14
Toshi_Esumi
Esteemed Contributor III

Not possible unless you have your own public subnet from LACNIC.

emnoc
Esteemed Contributor III

OP, why not engage SDWAN. Your 3x ISP is ideal for SDWAN. You set up 3x ports and cfg 3x subnets and set these are members in SDWAN

 

Ken Felix

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
srv4ever
New Contributor

emnoc wrote:

OP, why not engage SDWAN. Your 3x ISP is ideal for SDWAN. You set up 3x ports and cfg 3x subnets and set these are members in SDWAN

 

Ken Felix

 

Thank you for your response. I'm not familiar with this concept yet. With SDWAN, could I connect 3x ISP with the external sites and applications detecting me as one IP?

sw2090
Honored Contributor

nope.

SDWAN enables you to use n WANs as one WAN for outgoing traffic.

If you want n WAN Lines with one IP you would need an aoutonomous subnet. Only those can be routed isp independent. But those are hard to get and expensive. And you need the neccessary technology to be able to announce routes...

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
SJFriedl
New Contributor II

sw2090 wrote:

SDWAN enables you to use n WANs as one WAN for outgoing traffic.

How is this different from just putting your WAN interfaces into a single Fortigate zone? Is that the same thing?

If you want n WAN Lines with one IP you would need an aoutonomous subnet.

Oh yah; running BGP is a very very big hairy deal.

sw2090
Honored Contributor

hm a zone does not do loadbalancing or knows rules for wan access?

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
SJFriedl
New Contributor II

sw2090 wrote:

hm a zone does not do loadbalancing or knows rules for wan access?

Sounds like I have some reading to do :) 

lobstercreed

As far as OP's question goes, this is of course impossible.  SD-WAN, zones, etc has no bearing. 

 

I keep seeing this question come up but it always has been and always will be impossible to use an IP that you don't own on a network that doesn't own that IP.  Routing 101...  It's like you moved to a different country but think that you can continue to use the old country's return address and your friends will somehow magically end up on your doorstep.

 

So the question for the OP is whether this "requirement" is truly a requirement or merely a preference?  If it's a true requirement, there is significant money and effort involved but clearly the bosses will pay if it's a requirement.

 

Otherwise, use SD-WAN like most folks and simply realize you may present the IP address of each of your WAN's depending on the route you take.  :)

emnoc
Esteemed Contributor III

My thoughts ; unless he does BGP and have an allocation given, he is not going to use one single ip/subnet across 2 other ISPs. BCP38 egress filtering along will kill them. 

 

I would deploy SDWAN and if concern, set preference for ISP A over B or C  if required.

 

Ken Felix

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Labels
Top Kudoed Authors