Fortigate 60E Setup 2nd Static WAN IP for one VLAN for shared office space
We have a client with a Fortigate 60e as well as FortiSwitches. They are allowing a company that is renting space at their building to share their internet connection. They have a block of 5 Static IPs from their ISP and the company that is renting the space is asking for a static IP for their network (separate VLAN with one uplink from their Unifi switch back to our client's FortiSwitch) that will also allow them to do port forwarding for some cameras. What is the best way to accomplish this? Thanks in advance!
To me the best option would be asking the ISP to provide a /30 additional routable subnet behind the existing subnet(behind one of those 5 IPs) so that the 60E has the GW IP and the tenant takes another IP in the /30.
You didn't mention how many IPs out of those usable 5 IP (a /29 and the ISP has a GW IP) are currently used. But if any IPs are available, you could terminate(phisically) the existing circuit by a switch instead of the 60E then span the /29 network to the customer device/Unifi switch from the switch. But with this way, your client can't control how much circuit bandwidth the tenant could use at the 60E.
You could also create a 2-port hardware switch on the 60E. Plug the ISP into one of the ports and the downstream link to the shared tenant into the other ports. Because it's a HW switch, the tenant will be able to use one of the public IP addresses.
This of course assumes you are provided a /29 from the ISP (i assume so based on the fact you have 5 usable IPs)
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.