Hi all,
I have searched for this in the forum and internet without much success so just wanted to clarify that I am doing this the right way.
I've got a WAN connection (say 1.1.1.1) and I've got an internal IP of a device on 192.168.70.50. I have added a secondary IP to that WAN interface of 1.1.1.2 and I want to route the 192.168.70.50 out of that IP (1.1.1.2), so I've added a policy route with the incoming interface as the Data Internal interface (which is what the 192.168.70.50 is connected to) and a source address of 192.168.70.50/255.255.255.255, then a destination address of 0.0.0.0/0.0.0.0, and in the outgoing interface I've selected the WAN interface and then set the gateway address as 1.1.1.2?
I've run packet trace and I can see packets coming INTO 1.1.1.2 to 192.168.70.50 but nothing going out.
Have I configured this correctly or am I missing anything?
I'm not that familiar with Fortigate products (model is a 60E on V7 software by the way).
Thanks all
Hi ForgetItNet,
"Gateway" is the IP of the next-hop (presumably the ISP router/modem), so that would not be correct if the 1.1.1.2 IP is "owned" by your device on the WAN interface.
What you should do instead is create a new IP pool, set it to the "range" 1.1.1.2-1.1.1.2, and then in the appropriate firewall policy for the client 192.168.70.50 you enable source NAT and switch it to using your new IP pool (instead of the default option "use outgoing interface IP").
Here's some older, but still good, documentation:
https://docs.fortinet.com/document/fortigate/6.0.0/handbook/476781/ipv4-pools
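The IP pool and source-NAT policy described in the reply above, written as FortiOS CLI. This is an added example, not part of the original posts: the object names, the `wan1` interface name, the "ALL" service and the use of `edit 0` to create a new policy are assumptions, and "Data Internal" is the interface as the question describes it, which may be named differently on the actual unit.

```fortios
# Added example. Object names, "wan1" and the new policy are assumptions.

# 1. IP pool containing only the secondary WAN address.
config firewall ippool
    edit "snat-1.1.1.2"
        set type overload
        set startip 1.1.1.2
        set endip 1.1.1.2
    next
end

# 2. Address object for the single internal device.
config firewall address
    edit "host-192.168.70.50"
        set subnet 192.168.70.50 255.255.255.255
    next
end

# 3. Outbound policy for that device only, with source NAT taken from
#    the pool instead of the outgoing interface IP.
config firewall policy
    edit 0
        set name "device-out-via-1.1.1.2"
        set srcintf "Data Internal"
        set dstintf "wan1"
        set srcaddr "host-192.168.70.50"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set ippool enable
        set poolname "snat-1.1.1.2"
    next
end

# 4. Check: after the device sends traffic, its sessions should show
#    the source translated to 1.1.1.2.
diagnose sys session filter clear
diagnose sys session filter src 192.168.70.50
diagnose sys session list
```

Firewall policies are matched top-down, so this policy has to sit above any broader outbound policy that would otherwise match 192.168.70.50 first and NAT it to the interface IP. The policy route with gateway 1.1.1.2 from the question is not needed for this and should be removed.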