Hello
I'm new to this forum and to Fortinet products!
I'm trying to manage 5 public IPs through the Fortigate 60D and it would be nice if someone could help me with this configuration.
5 IPs: x.x.81.34 - x.x.81.38/29
Gateway: x.x.81.33
And I want
x.x.81.34 for my Private use.
x.x.81.35 for my Webshop
x.x.81.36 for surveillance
I tried to funnel the traffic with VIPs but that didn't work out. I think I misunderstood the function of VIPs.
FortiOS is @ 5.6.3
Hopefully someone can help me with this little issue or tell me some resources where I could learn about this specific topic.
Greetings Keechi
Are the IPs in this /29 the only public IPs you got from your ISP? Or did you get a different IP in a /30 (likely pulled via DHCP or PPPoE) on the main wan interface and this /29 is an additional subnet from your ISP?
Yes, I got a totally different IP from DHCP and the ISP does the rest, that's what they told me.
Yesterday I spoke to the ISP and they told me that I need 1 router at x.x.81.33, and for each other IP I want to use I need another router, but I think (don't know) that this could be achieved by just 1 good FortiGate.
Wait, if they actually said you needed 1 router at x.x.81.33, that's not the GW at your ISP. There needs to be another IP within the /29 as a GW on the ISP or ISP device side, unless you got another /30 subnet to get to the ISP's GW device. Are you sure about that?
+1
If the ISP said the gateway is .33, why would you need another router at that address? If you are supplying the gateway, then they would need to give you yet another gateway address. That makes no sense to me either. One Fortigate with a bunch of VIP definitions should easily handle this case.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Ok, I didn't read that you wrote "got a totally different IP from DHCP". So the Fortigate must have gotten a GW IP via DHCP and set up the default route. Then you should be able to map any IPs in the /29 with VIP statements by following the online help:
By the way, the online help has only one line mentioning policy. But there needs to be a policy (or a set of policies) to utilize the VIP objects you create in the direction wan1/2 -> lan/internal without NAT (unless you want to do SNAT to hide the source IP), and you need to specify the VIP(s) at Destination.
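The VIP-plus-policy arrangement described in the reply above, written out as FortiOS CLI. This is an added example, not part of the original thread or of Fortinet's documentation. Assumptions: the interface names `wan1` and `internal`, the internal hosts 192.168.1.10 and 192.168.1.20, the object names, and HTTPS (TCP 443) as the only published port; 203.0.113.35 and 203.0.113.36 are placeholders for the masked x.x.81.35 and x.x.81.36.

```fortios
# Added example. Addresses, names and ports are assumptions.
# 203.0.113.35 / .36 are placeholders for the masked x.x.81.35 / x.x.81.36.
config firewall vip
    edit "vip-webshop"
        set extintf "wan1"
        set extip 203.0.113.35
        set mappedip "192.168.1.10"
        # Port forwarding publishes one port instead of the whole host.
        set portforward enable
        set protocol tcp
        set extport 443
        set mappedport 443
    next
    edit "vip-surveillance"
        set extintf "wan1"
        set extip 203.0.113.36
        set mappedip "192.168.1.20"
        set portforward enable
        set protocol tcp
        set extport 443
        set mappedport 443
    next
end

# Inbound policy: wan1 -> internal, VIPs as destination, no NAT on the policy.
# The destination translation comes from the VIP objects themselves.
config firewall policy
    # "edit 0" asks FortiOS for the next free policy ID.
    edit 0
        set name "wan-to-published-hosts"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "vip-webshop" "vip-surveillance"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set nat disable
        set logtraffic all
    next
end
```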