My situation is this: I have 3 different ISPs: VIVO, TIM, and NET here in Brazil (1 Static IP and 2 Dynamic). I need to do 3 things: 1) Connect my 3 ISPs on one device. 2) I need to use only one public IP to connect to the internet. Every single workstation needs to connect through this IP as if there is only one ISP connected. 3) If the main link goes down, another link could assume its place but the same old public IP still must be used.
Is there a way to do that? Any appliance, proxy, or DDNS?
Thanks in advance.
Solved! Go to Solution.
OP, why not engage SDWAN. Your 3x ISP is ideal for SDWAN. You set up 3x ports and cfg 3x subnets and set these are members in SDWAN
Ken Felix
PCNSE
NSE
StrongSwan
nope.
SDWAN enables you to use n WANs as one WAN for outgoing traffic.
If you want n WAN Lines with one IP you would need an aoutonomous subnet. Only those can be routed isp independent. But those are hard to get and expensive. And you need the neccessary technology to be able to announce routes...
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
As far as OP's question goes, this is of course impossible. SD-WAN, zones, etc has no bearing.
I keep seeing this question come up but it always has been and always will be impossible to use an IP that you don't own on a network that doesn't own that IP. Routing 101... It's like you moved to a different country but think that you can continue to use the old country's return address and your friends will somehow magically end up on your doorstep.
So the question for the OP is whether this "requirement" is truly a requirement or merely a preference? If it's a true requirement, there is significant money and effort involved but clearly the bosses will pay if it's a requirement.
Otherwise, use SD-WAN like most folks and simply realize you may present the IP address of each of your WAN's depending on the route you take. :)
My thoughts ; unless he does BGP and have an allocation given, he is not going to use one single ip/subnet across 2 other ISPs. BCP38 egress filtering along will kill them.
I would deploy SDWAN and if concern, set preference for ISP A over B or C if required.
Ken Felix
PCNSE
NSE
StrongSwan
Not possible unless you have your own public subnet from LACNIC.
OP, why not engage SDWAN. Your 3x ISP is ideal for SDWAN. You set up 3x ports and cfg 3x subnets and set these are members in SDWAN
Ken Felix
PCNSE
NSE
StrongSwan
emnoc wrote:OP, why not engage SDWAN. Your 3x ISP is ideal for SDWAN. You set up 3x ports and cfg 3x subnets and set these are members in SDWAN
Ken Felix
Thank you for your response. I'm not familiar with this concept yet. With SDWAN, could I connect 3x ISP with the external sites and applications detecting me as one IP?
nope.
SDWAN enables you to use n WANs as one WAN for outgoing traffic.
If you want n WAN Lines with one IP you would need an aoutonomous subnet. Only those can be routed isp independent. But those are hard to get and expensive. And you need the neccessary technology to be able to announce routes...
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
sw2090 wrote:SDWAN enables you to use n WANs as one WAN for outgoing traffic.
How is this different from just putting your WAN interfaces into a single Fortigate zone? Is that the same thing?
If you want n WAN Lines with one IP you would need an aoutonomous subnet.
Oh yah; running BGP is a very very big hairy deal.
hm a zone does not do loadbalancing or knows rules for wan access?
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
sw2090 wrote:Sounds like I have some reading to do :)hm a zone does not do loadbalancing or knows rules for wan access?
As far as OP's question goes, this is of course impossible. SD-WAN, zones, etc has no bearing.
I keep seeing this question come up but it always has been and always will be impossible to use an IP that you don't own on a network that doesn't own that IP. Routing 101... It's like you moved to a different country but think that you can continue to use the old country's return address and your friends will somehow magically end up on your doorstep.
So the question for the OP is whether this "requirement" is truly a requirement or merely a preference? If it's a true requirement, there is significant money and effort involved but clearly the bosses will pay if it's a requirement.
Otherwise, use SD-WAN like most folks and simply realize you may present the IP address of each of your WAN's depending on the route you take. :)
My thoughts ; unless he does BGP and have an allocation given, he is not going to use one single ip/subnet across 2 other ISPs. BCP38 egress filtering along will kill them.
I would deploy SDWAN and if concern, set preference for ISP A over B or C if required.
Ken Felix
PCNSE
NSE
StrongSwan
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1751 | |
1114 | |
766 | |
447 | |
241 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.