Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
djmax
New Contributor

External IPs

Good day to everybody, I am a newbie at FortiOS, so please be patient.. :) Need one solution ASAP, please help... :(

 

I have an FG100D. The DHCP server is on the domain controller. I have one WAN connection and my ISP provides the IP address range x.x.x.10-x.x.x.22; all network traffic goes through IP x.x.x.10. I have one server that should be connected directly to an external IP address without NAT. I can do it by placing a switch behind the ISP optical converter and just configuring the interface in my server, but I would like the traffic to go through my firewall, so how can this idea be realised? Can you describe how I can do it through the FG web interface, step by step?

Would really appreciate it.

 

Thank you.

ede_pfau
SuperUser

hi,

 

and welcome to the forums.

There is a solution which would connect your server to the router via a "transparent VDOM" but...this setup is not simple. As I'm not sure what your requirements are, let me ask: why not NAT? Can't the server use a private address, or one of your public addresses (say, 1.2.3.4), while you NAT it to another public address (say, 1.2.3.5)?

Ede Kernel panic: Aiee, killing interrupt handler!
ponder
New Contributor III

I think one way you could do this is by connecting the server to another router and the router to a spare port on the Fortigate.

 

The port on the Fortigate needs to have a random /31 IP on it, the router the other IP from the /31 range.  The server can be connected to this router and use a /31 again for the router and server connection.  The public IP on the router will overlap with the IP in the rest of your network, but as long as the server never needs to reach that 'real' IP it won't matter.  The Fortigate needs to be configured with a static route pointing x.x.x.server/32 to the random /31 IP used for the router, and the router needs a default route back to the random /31 on the Fortigate's interface.

 

You can then configure policies needed between External port and the new port where the server is.

 

Does that make sense at all?  I can't say I have tried this, but logically I think it should work... 
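As an added example (not posted by anyone in this thread, and not Fortinet documentation), here is what ponder's routed design above and ede_pfau's NAT alternative from the first reply would look like in the FortiOS CLI, so the two can be compared. Every address and port name is an assumption: wan1 is the ISP link, port5 the spare port, internal the LAN, 198.51.100.0/28 stands in for the ISP range with 198.51.100.12 as the server's public address, 10.0.0.50 is a private server address for the NAT variant, and 192.0.2.0/30 is the transfer network (a /30 rather than the /31 ponder proposed, because not every FortiOS release accepts a /31 on an interface). The proxy-ARP entry is a caveat the thread does not raise: if the ISP range is directly attached to wan1 (the usual case when all the addresses share one subnet with the ISP gateway), the ISP router resolves the server's address by ARP on that segment, and the Fortigate must answer for it or the traffic never reaches the firewall.

```fortios
# ---- Option B: ponder's routed design, server keeps 198.51.100.12 on its own NIC ----
# Transfer network towards the intermediate router (assumed addresses, RFC 5737 space)
config system interface
    edit "port5"
        set ip 192.0.2.1 255.255.255.252
        set allowaccess ping
    next
end

# Host route for the server's public address, next hop = router's transfer address.
# The ISP /28 is a connected route on wan1; the /32 is more specific and wins.
config router static
    edit 10
        set dst 198.51.100.12 255.255.255.255
        set gateway 192.0.2.2
        set device "port5"
    next
end

# Caveat: answer ARP for the server's address on the WAN segment (assumed directly
# attached range). Without this the ISP gateway cannot find 198.51.100.12.
config system proxy-arp
    edit 1
        set interface "wan1"
        set ip 198.51.100.12
    next
end

config firewall address
    edit "srv-public"
        set subnet 198.51.100.12 255.255.255.255
    next
end

# Policies between the external port and the new port. NAT is disabled in both
# directions so the server's real address is what the Internet sees.
config firewall policy
    edit 20
        set name "inbound-to-server"
        set srcintf "wan1"
        set dstintf "port5"
        set srcaddr "all"
        set dstaddr "srv-public"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set nat disable
    next
    edit 21
        set name "server-outbound"
        set srcintf "port5"
        set dstintf "wan1"
        set srcaddr "srv-public"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
    next
end
# Not shown: the intermediate router needs a default route to 192.0.2.1 and the
# link to the server, as ponder describes.

# ---- Option A: ede_pfau's alternative, static one-to-one NAT (VIP) ----
# The server sits on the LAN with a private address; the Fortigate owns 198.51.100.12.
config firewall vip
    edit "srv-vip"
        set extip 198.51.100.12
        set extintf "wan1"
        set mappedip "10.0.0.50"
    next
end

config firewall policy
    edit 30
        set name "inbound-to-server-nat"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "srv-vip"
        set action accept
        set schedule "always"
        set service "HTTPS"
    next
end
```

Option B matches the OP's wording (the public address is on the server's interface, nothing is rewritten), at the cost of the extra router and the proxy-ARP dependency; Option A needs only the VIP and one policy, and with a one-to-one VIP the server's own outgoing connections leave wan1 as 198.51.100.12 when the LAN-to-WAN policy has NAT enabled, which is why ede_pfau asks whether "no NAT" is really a requirement. In both cases restrict the inbound service list to what the server actually exposes rather than ALL.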

 

ede_pfau

I think the OP should clarify the "no NAT" issue first before we can proceed.

 

@ponder, routing across a transfer network has the same consequences as NATting, namely the server will not have the public IP assigned to its interface. As I've understood the post, that's violating OP's requirement.

Ede Kernel panic: Aiee, killing interrupt handler!
ponder
New Contributor III

@ede_pfau the public IP would still be on the server.  Maybe my explanation was not the best. :(

 

 

ede_pfau

@ponder: You're right, I haven't understood your concept yet.

The thing is: the public IP is assigned to a Fortigate port. Then, some intermediate ("transfer net") addresses follow, and the server will have another address - which cannot be the same, or the routing will not work.

Seems I'd better wait until OP has commented.

Ede Kernel panic: Aiee, killing interrupt handler!