Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Umesh
Contributor

Created on ‎04-25-2022 11:44 PM

WAN connectivity ( ISP1 & ISP2)

Hi Greetings to you all,

 

I need your comment for the below screenshot-

First I will explain that I have taken two ISP for internet connectivity in the organization -

both ISP have provided below IP pool-

Airtel - 1.1.1.0/30

           - 3.3.3.0/29

Voda - 2.2.2.0/30

          - 4.4.4.0/29

so which IP should I use for connecting both internet lines, as far as I think /30 for both internet lines and /29 used for servers. Is it correct what I am saying.

I have servers - Web server, Email server, DNS server, NTP server, etc.

Note - My question is why should we use separate  IPs for servers.

please explain if you understand from the below screenshot which I have prepared as per my understanding.

topology.JPG

Labels:
1110
0 Kudos
4 REPLIES 4
jintrah_FTNT
Staff
Staff

Created on ‎04-26-2022 12:01 AM

Hi Umesh,

 

Yes, your understanding on using /30 subnet for internet links and /29 for hosting servers is correct.

I believe you intend to use an IP address from each ISP pool to host a server for redundancy purpose, and that you do own a BGP AS number to host them on a single IP address to achieve redundancy when either of the internet links fail.

 

best regards,

Jin

 

1060
0 Kudos
Umesh
Contributor
In response to jintrah_FTNT

Created on ‎04-26-2022 12:15 AM

Hi Jin,

I have one webserver just I want to know what would be configuration roadmap on the firewall with one public IP can you make me clarify it.

 

thank you

1056
0 Kudos
jintrah_FTNT
Staff
Staff
In response to Umesh

Created on ‎04-26-2022 12:20 AM

Hi Umesh,

 

Please see the article Technical Tip: Configuring Hairpin NAT (VIP) - Fortinet Community which would be helpful.

 

Best regards,

Jin

1054
0 Kudos
akristof
Staff
Staff

Created on ‎04-26-2022 12:04 AM

Hi,

Thank you for your question. You can use 1 real IP server and you create 2 VIPs, each for one public IP from one pool and you can DNAT traffic. Usually, each provider will give you different pools because they have different super nets assigned by IANA. And unless you have dynamic routing between both ISPs, ISP1 will advertise network 3.3.3.0/29 to internet while ISP2 will advertise 4.4.4.0/29 to internet.

Adrian
1059
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.