- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fortigate 200E, 2 ISPs, and an owned public IP block - config assistance
I've got a customer that has 2 FGT200E in an HA pair running 7.2.5. They also have 2 ISP connections. Right now each ISP connection goes into a Cisco ISR, so there are 2 of those in place. The ISRs do nothing except route from the ISP IP address block to the customer's own public IP block. Maintaining licensing and such on these is very expensive and their configuration/maintenance is also difficult so we would like to remove them and host the public IP block on the Fortigate.
The public IP block they own is currently assigned to the WAN interface of the Fortigate, with each ISR having the ISP IPs connected. This way their site to site VPNs, etc. all use the IP block that the customer owns.
I feel like there are probably a couple of different ways to do this but am hoping someone here has a 'known best practice' type deal for this sort of situation.
- Labels:
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello JasonBurns,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
We are still looking for an answer to your question.
We will come back to you ASAP.
Thanks,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I ended up figuring it out with help from a guy on Reddit. I setup BGP to advertise the public block and used VIPs with their public block for WAN accessible services. Also used a VIP to handle SSLVPN traffic. Fortinet is working on a solution for IPSEC VPNs in their lab, as VIPs didn't work properly for this traffic.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello again,
Thank you for the follow up! Glad that you found a solution.
Kindest regards,
