The client had a single IP from Google Fiber before my company took over support. We installed an 80F, and the "static" is issued by DHCP from Google Fiber on the WAN interface. We have upgraded their Google Fiber account to add 5 static IPs. The statics are in a different subnet.
I am unsure what to do. Very important - if I create VLAN(s) for the static IP(s), what will change for the static IP issued by DHCP over the WAN? All traffic is currently using that DHCP static IP, including VPN. Will that render that IP unusable since it becomes a gateway for the block of static IPs?
If the statics require a VLAN, on what interface? The main LAN or the WAN? What is the Role that I select: LAN? WAN? DMZ? Undefined?
Can this be done with VIPs or IP Pools? If IP Pools, what type do I use? One-to-One, Fixed-Port Range, or something else?
Here is Google's depiction of the necessary layout for using static IPs.
Created on 06-28-2023 09:22 AM Edited on 06-28-2023 09:23 AM
Google's doc, or any other ISP's, would NOT include a case where their customer has a FW to terminate the circuit. Never assume they're used as VIPs. Their explanation, as the diagram indicates, assumes a "router" terminates the circuit, let's say a cheap Linksys or TP-Link router, which can only route the additional subnet to the LAN side. In that case, you have to assign it on the LAN interface.
With VIPs, the additional public IPs never leave the FGT. Just stay inside of it.
If you still have some doubt, you can configure a VIP to one device, get a maintenance window, then swap it with the current router/FW they have, and then verify it actually works.
Or open a ticket at TAC and ask them. They would say exactly the same.
Toshi
Toshi, your patience is impressive. Thank you.
I want to put this more into layman's terms for anyone facing the Google Fiber Static IPs. In short, it is MUCH simpler than you think!
Set your WAN interface to DHCP per Google instructions. All you have to do for the block of Static IPs is add them to the IP Pools. As Toshi pointed out, you can use the entire block. Once they are there, you can use them in VIPs.
Created on 07-06-2023 08:09 AM Edited on 07-06-2023 08:10 AM
It's not only for Google Fiber, but also for virtually any ISPs who offer static IPs with a /30 interface subnet + a /29 or /28 or more additional subnets, you can do the same.
Toshi
To be exact:
You can only use 6 out of 8 IPs of a /29 because the first IP is the network address and the last is the broadcast address. These cannot be assigned to devices/interfaces of course.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams