- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Changing subnets
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Changing subnets
Hello all,
Many years ago, someone set my company up on a local 132.147.xxx.xxx subnet that is currently configured in our FortiGate (running 6.2). I would like to gradually migrate us off of this. My question has to do with the best path to do it. We currently have FortiSwitches that are in standalone mode. With a LAN interface built for this current addressing scheme. I would like to move us to a new addressing scheme with a 10.16.xxx.xxx VLAN for data and a 10.17.xxx.xxx for Voice as we would like to eventually add VOIP.
Would it be best for me to build this through FortiLink? I have two switches that are not currently being used, that I could start this on. Also, how would I build a path between the old network (132.147) and the new network (10.16) so that I could gradually migrate devices over to the new network, could I just do a policy for both directions? Thanks in advance.
Solved! Go to Solution.
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey mate, Do you still need help? By the way Im curious with the IP 132.147.xxx.xxx this seems to be out of the range of the private IP addresses to be used locally,
Address ranges to be used by private networks are:
Class A: 10.0.0.0 to 10.255.255.255Class B: 172.16.0.0 to 172.31.255.255Class C: 192.168.0.0 to 192.168.255.255[/ul]Well, if you still need help, just give me a reply.
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey mate, Do you still need help? By the way Im curious with the IP 132.147.xxx.xxx this seems to be out of the range of the private IP addresses to be used locally,
Address ranges to be used by private networks are:
Class A: 10.0.0.0 to 10.255.255.255Class B: 172.16.0.0 to 172.31.255.255Class C: 192.168.0.0 to 192.168.255.255[/ul]Well, if you still need help, just give me a reply.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Donaire wrote:Yes, thank you. That is the biggest reason we're moving off of the 132.147 range, because it's not a private IP range. I'm trying to gradually move over to the 10.16 range that we have built. Can you also tell me if it would work for me to build a 10.17 VLAN for VOIP off of the 10.16 interface? Thanks.Hey mate, Do you still need help? By the way Im curious with the IP 132.147.xxx.xxx this seems to be out of the range of the private IP addresses to be used locally,
Address ranges to be used by private networks are:
Class A: 10.0.0.0 to 10.255.255.255Class B: 172.16.0.0 to 172.31.255.255Class C: 192.168.0.0 to 192.168.255.255
Well, if you still need help, just give me a reply.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
well on FGT side you have to change everything that has do to with that subnet:
- interfaces
- addresses
- routes
- ...
if you know the current settings you could take an unencrypted backup of your FGT and do some search & replace on it and then restore it back to the FGT.
Thus there may be other devices or occasions where that subnet or ips oout of it are involced. Those have to be changed too of course.
if you want to have both old and new subnets at the same time you would have to configure that parallel.
Own Interface, policies etc.
then you could create some policy to allow traffic between the subnets. Policy is always only needed for a direction in which you implicitely want to establish a connection.
e.g. if you want to be able to ping from subnet a to b only (but not from b to a
you need a policy that allows icmp echo coming from subnet a and going to subnet b. You don't need any reverse policy to get a ping reply. If you want to be able to ping from b to a too you will need the reverse policy.
Routes are only needed if the "opposite" subnet is not on the same device so to say. As long as you FGT has some interface in a subnet you need no explicite routes for that. The interface makes sure there is a route then.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
--
"It is a mistake to think you can solve any major problems just with
potatoes." - Douglas Adams
Related Posts
- FortiMangaer and FGT Hub migration issues... 47 Views
- FortiSASE Change IP-Pool 107 Views
- Dial-up IPsec tunnels with same source... 490 Views
- ipv6 - internal lan interface cannot... 221 Views
- FSSO authentication fallback with flow-based policy 124 Views
Labels
-
FortiGate
6,453 -
FortiClient
1,289 -
5.2
801 -
5.4
639 -
FortiManager
562 -
6.0
416 -
FortiAnalyzer
410 -
5.6
362 -
FortiSwitch
331 -
FortiAP
327 -
FortiClient EMS
259 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
148 -
6.4
128 -
FortiNAC
103 -
FortiGuard
102 -
FortiGateCloud
86 -
FortiSIEM
85 -
FortiCloud Products
82 -
FortiToken
69 -
Customer Service
69 -
IPsec
67 -
4.0MR3
64 -
Wireless Controller
58 -
SSL-VPN
54 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
38 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
30 -
FortiSwitch v6.4
28 -
FortiConnect
23 -
SD-WAN
23 -
FortiWAN
22 -
FortiConverter
21 -
High Availability
20 -
Firewall policy
20 -
VLAN
18 -
FortiPortal
17 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
ZTNA
15 -
FortiMonitor
14 -
Certificate
14 -
FortiDDoS
13 -
Routing
12 -
FortiCASB
12 -
SAML
11 -
BGP
11 -
DNS
11 -
Interface
11 -
FortiGate v5.0
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
Logging
9 -
RADIUS
8 -
Traffic shaping
8 -
Virtual IP
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
NAT
7 -
FortiAuthenticator
7 -
Admin
7 -
FortiGate v4.0 MR3
7 -
4.0
7 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
SSID
5 -
Security profile
5 -
Traffic shaping policy
5 -
Authentication
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
Static route
5 -
FortiManager v4.0
5 -
FortiDirector
4 -
SSL SSH inspection
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
packet capture
3 -
FortiToken Cloud
3 -
Automation
3 -
Intrusion prevention
3 -
DoS policy
3 -
FortiTester
3 -
Port policy
3 -
FortiDB
3 -
IPS signature
3 -
FortiDeceptor
2 -
FortiInsight
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
Web profile
2 -
FortiAP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
NAC policy
1 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
Application signature
1 -
Authentication rule and scheme
1 -
Multicast routing
1 -
Zone
1 -
FortiManager-VM
1 -
Fabric connector
1 -
Internet Service Database
1 -
Fortinet Engage Partner Program
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.