Fortinet Forum
FGTuser0
New Contributor II

FGT 60F with 2 IPs on WAN1 and want to use them both

Hello,

I have a FGT 60F and have multiple WAN IPs configured on WAN1
(Network >> Interfaces >> WAN1; Manual settings + "Secondary IP address" configured).

Is this the right way to configure it?

The second thing:

one internal IP should route all traffic over the second WAN IP Address and all the other internal devices should route over the "normal/default" WAN IP.

1 Solution
sidewaysguy14

Are the IPs in the same subnet? If so I'd configure the subnet on the WAN interface with the first IP and provided subnet mask. Use an IP Pool specifying the second IP address and use it in policy for the single device. In this case, if you needed the second IP to have an admin function, then list it as a secondary IP (e.g. ping).

Secure all the things!

6 REPLIES
distillednetwork
New Contributor III

If you are just trying to use the two IP addresses as NAT IPs, no need to do that. Simply put the one IP address on WAN1, then in the firewall policies just enable NAT with "Use Outgoing Interface Address" for the devices that you want to use that IP.

For the other IP address, create an IP Pool. You can then create firewall policies for those hosts, and when you enable NAT, select "Use Dynamic IP Pool" and use your IP Pool instead of "Use Outgoing Interface Address".

SNAT.png

FGTuser0
New Contributor II

Is this the right way??

(example IPs used)

WAN 88.88.77.70 / 255.255.255.248
GW 88.88.77.69

I want to use 88.88.77.70 & 88.88.77.71

Configuration:

Network > Interfaces > WAN1

1.png

Static Route

2.png

IP Pool

3.png

sidewaysguy14

Hi @FGTuser0 

In general yes that would be correct, with you selecting the IP Pool in the IPv4 policy. 

I think the first thing to confirm is your actual subnet info, as when I double-check, the usable range would be x.x.x.65-x.x.x.70 for the x.x.x.64/29 subnet. This would mean that your gateway would typically be x.x.x.65 and the broadcast address would be x.x.x.71, which cannot be used as an IP. I'd use x.x.x.66 as the IP on the WAN interface and x.x.x.67 as the second IP for the IP Pool.

But please double-check your subnet info and my math before implementing. :) 

Hope that helps!

Secure all the things!
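
The subnet check in the reply above can be reproduced mechanically. This is an added example, not part of the original thread: it runs Python's `ipaddress` module over the example addresses posted in the thread, and the function names `usable_range` and `check_snat_plan` are made up for illustration.

```python
import ipaddress

def usable_range(iface_ip, netmask):
    """First and last assignable host address of the WAN subnet."""
    net = ipaddress.ip_interface(f"{iface_ip}/{netmask}").network
    hosts = list(net.hosts())
    return str(hosts[0]), str(hosts[-1])

def check_snat_plan(iface_ip, netmask, gateway, pool_ips):
    """Map 'role address' -> list of problems for a WAN IP / gateway / IP pool plan."""
    net = ipaddress.ip_interface(f"{iface_ip}/{netmask}").network
    gw = ipaddress.ip_address(gateway)
    plan = [("interface", ipaddress.ip_address(iface_ip)), ("gateway", gw)]
    plan += [("pool", ipaddress.ip_address(p)) for p in pool_ips]
    report = {}
    for role, addr in plan:
        problems = []
        if addr not in net:
            problems.append(f"outside {net}")
        elif net.prefixlen < 31:  # /31 and /32 have no reserved addresses
            if addr == net.network_address:
                problems.append("network address")
            if addr == net.broadcast_address:
                problems.append("broadcast address")
        if role == "pool" and addr == gw:
            problems.append("same as gateway")
        report[f"{role} {addr}"] = problems
    return report

if __name__ == "__main__":
    # Example addresses from the thread (stated there not to be the real ones).
    print(usable_range("88.88.77.70", "255.255.255.248"))
    for item, problems in check_snat_plan(
            "88.88.77.70", "255.255.255.248", "88.88.77.69", ["88.88.77.71"]).items():
        print(item, "->", problems or "ok")
```
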
FGTuser0

Thanks!
IPs in the screenshots are not the actual IPs. :)

sidewaysguy14

No problem!  That's good to know.  :)

Secure all the things!