Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Technigogo
New Contributor

Created on ‎06-28-2023 07:26 AM

Configure Google Fiber static IP s on FortiGate 80F

The client had a single IP from Google Fiber before my company took over support. We installed an 80F, and the "static" is issued by DHCP from Google Fiber on the WAN interface. We have upgraded their Google Fiber account to add 5 static IPs. The statics are in a different subnet. 

 

I am unsure what to do. Very important - if I create VLAN(s) for the static IP(s), what will change for the static IP issued by DHCP over the WAN? All traffic is currently using that DHCP static IP, including VPN. Will that render that IP unusable since it becomes a gateway for the block of static IPs?

 

If the statics require VLAN, what interface? the main LAN or the WAN? What is the Role that I select: LAN? WAN? DMZ? Undefined?

 

Can this be done with VIPs or IP Pools? If IP Pools, what type do I use? One-to-One, Fixed-Port Range, or something else?

 

Here is Google's depiction of the necessary layout for using static IPs.

Technigogo_0-1687961380285.png

 

 

 

Labels:
2494
0 Kudos
1 Solution
Toshi_Esumi
SuperUser
SuperUser
In response to Technigogo

Created on ‎06-28-2023 09:22 AM Edited on ‎06-28-2023 09:23 AM

Google's doc or any other ISP's would NOT include a case their customer has a FW to terminate the circuit. Never assume they're used as VIPs. Their explanation, as the diagram indicates, assumes a "router" terminates the circuit, let's say a cheap Linksys or TP-Link router, which can only route the additional subnet to LAN side. In that case, you have to assign it on the LAN interface.

With VIPs, the additional public IPs never leave the FGT. Just stay inside of it.

 

If you still have some doubt, you can configure a VIP to one device, get a maintenance window, then swap it with the current router/FW they have then verify it actually works.

 

Or open a ticket at TAC and ask them. They would say exactly the same.

 

Toshi

View solution in original post

2454
12 REPLIES 12
Technigogo
New Contributor
In response to Toshi_Esumi

Created on ‎07-06-2023 05:37 AM

Toshi, your patience is impressive. Thank you.

 

I want to put this more into layman's terms for anyone facing the Google Fiber Static IPs. In short, it is MUCH simpler than you think!

 

Set your WAN interface to DHCP per Google instructions. All you have to do for the block of Static IPs is add them to the IP Pools. As Toshi pointed out, you can use the entire block. Once they are there, you can use them in VIPs.

 

IP Pool.png

522
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to Technigogo

Created on ‎07-06-2023 08:09 AM Edited on ‎07-06-2023 08:10 AM

It's not only for Google Fiber, but also for virtually any ISPs who offer static IPs with a /30 interface subnet + a /29 or /28 or more additional subnets, you can do the same.

 

Toshi

516
sw2090
SuperUser
SuperUser
In response to Technigogo

Created on ‎07-06-2023 11:25 PM

To be exact:

you can only use 6 out of 8 ips of a /29 because first ip is the network address and the last is the broadcast addess. These cannot be assigned to devices/interfaces of course.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
510
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.