Hello,
I have a FGT 60F and have multiple WAN IP configured on WAN1
(Network >> Interfaces >> WAN1 ; Manual settings + "Secondary IP address" configured
Is this the right way to configure it?
The second thing:
one internal IP should route all traffic over the second WAN IP Address and all the other internal devices should route over the "normal/default" WAN IP.
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Are the IP's in the same subnet? If so I'd configure the subnet on the wan interface with the first IP and provided subnet mask. Use an IP Pool specifying the second IP address and use it in policy for the single device. In this case, if you needed the second IP to have an admin function, then list it as a secondary IP (eg. ping).
If you are just trying to use the two IP addresses as NAT IPs, not need to do that. Simply put the one IP address on WAN1 then in the firewall policies just enable NAT with "Use Outgoing Interface Address" for the devices that you want to use that IP.
For the other IP address, create an IP Pool. You can then create firewall policies for those hosts and when you enable NAT, select "Use Dynamic IP Pool" and use your IP Pool instead of "Use Outgoing Interface Address"
Are the IP's in the same subnet? If so I'd configure the subnet on the wan interface with the first IP and provided subnet mask. Use an IP Pool specifying the second IP address and use it in policy for the single device. In this case, if you needed the second IP to have an admin function, then list it as a secondary IP (eg. ping).
Is this the right way??
(exemple IPs used)
WAN 88.88.77.70 / 255.255.255.248
GW 88.88.77.69
I want to use 88.88.77.70 & 88.88.77.71
Configuration:
Network > Interfaces > WAN1
Static Route
IP Pool
Hi @FGTuser0
In general yes that would be correct, with you selecting the IP Pool in the IPv4 policy.
I think the first thing to confirm is your actual subnet info as when I double-checking the usable range would be x.x.x.65-x.x.x.70 for the x.x.x.64/29 subnet. This would mean that your gateway would typically be the x.x.x.65 and the broadcast address would be x.x.x.71 which cannot be used as an IP. I'd use x.x.x.66 as the IP on the wan interface and x.x.x.67 as the second IP for the IP Pool.
But please double-check your subnet info and my math before implementing. :)
Hope that helps!
Thanks!
IP's in the screenshots are not the actual IP's. :)
No problem! That's good to know. :)
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.