I apologize if this is answered elsewhere, and would appreciate being pointed in that direction if so as I don't mean to waste anyone's time--I've spent quite a few hours now trying to figure out best practice for what I'm trying to accomplish and it seems most discussions are just a hair different, which makes me go down a rabbit hole only to ultimately not make it work. I learn a lot, but it doesn't seem to fit quite right.
I would like to use a FG 81E to drop between an ISP switch and Unifi ES24 to not only handle our LAN (Unifi Wifi Campus off the ES24) but also handle fiber coming from a nearby junction box that will have a tenant on each fiber crossover (adapter) to one of the ethernet interfaces.
These tenants will potentially want their own unique public IP. So, ideally, each interface would be configured to be its own public IP from a /27 provided by the ISP. The incoming ISP interface (the shared WAN1) will also be on this /27, as well.
I've been able to get this to work by using VLANs and subnetting the different tenants, under the assumption the ISP will work with me on the VLANs, but this means they won't have that unique public IP they want. I'm new to the FortiGate line of hardware but would love to make this work and figured, at the very least, this post can be referenced by others in the future.
Are the unique public IPs even doable with the 81E on the individual interfaces?
I gave the WAN1 interface an IP but obviously that collides when trying to then bring up the interfaces. I've looked into IP pools, VIP, and I'm now starting down the path of port forwarding, so I was curious if anyone had some "No, stay focused on IP pools" advice for me--I definitely don't intend for anyone to build the config for me. Just a nudge in the right direction would be hugely beneficial at this point.
Thank you in advance!