Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
JasonBurns
New Contributor II

Created on ‎06-26-2023 05:47 AM

Fortigate 200E, 2 ISPs, and an owned public IP block - config assistance

I've got a customer that has 2 FGT200E in an HA pair running 7.2.5.  They also have 2 ISP connections.  Right now each ISP connection goes into a Cisco ISR, so there are 2 of those in place.  The ISRs do nothing except route from the ISP IP address block to the customer's own public IP block.  Maintaining licensing and such on these is very expensive and their configuration/maintenance is also difficult so we would like to remove them and host the public IP block on the Fortigate.

 

The public IP block they own is currently assigned to the WAN interface of the Fortigate, with each ISR having the ISP IPs connected.  This way their site to site VPNs, etc. all use the IP block that the customer owns.

 

I feel like there are probably a couple of different ways to do this but am hoping someone here has a 'known best practice' type deal for this sort of situation.

Labels:
1062
0 Kudos
4 REPLIES 4
Jean-Philippe_P
Moderator
Moderator

Created on ‎06-28-2023 11:38 PM

Hello JasonBurns, 

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible. 

 

Thanks, 

Jean-Philippe - Fortinet Community Team
1021
0 Kudos
Jean-Philippe_P
Moderator
Moderator

Created on ‎07-03-2023 12:20 AM

Hello,

 

We are still looking for an answer to your question.

 

We will come back to you ASAP.

 

 

Thanks,

Jean-Philippe - Fortinet Community Team
980
0 Kudos
JasonBurns
New Contributor II

Created on ‎07-03-2023 05:52 AM

I ended up figuring it out with help from a guy on Reddit.  I setup BGP to advertise the public block and used VIPs with their public block for WAN accessible services.  Also used a VIP to handle SSLVPN traffic.  Fortinet is working on a solution for IPSEC VPNs in their lab, as VIPs didn't work properly for this traffic.

970
Jean-Philippe_P
Moderator
Moderator

Created on ‎07-03-2023 05:55 AM

Hello again,

 

Thank you for the follow up! Glad that you found a solution.

 

Kindest regards,

Jean-Philippe - Fortinet Community Team
967
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.