JdGoe
New Contributor

Forward inbound traffic from secondary WAN IP address to specific local host

Hello everybody,

 

I have a FortiGate 60F appliance and I have my WAN interface configured with a secondary IP address. Previously, I had only one web server on my local network with ports forwarded from the main WAN IP address to the web server's local IP address and ports. 

 

What I need to do, and haven't found anything that could help me in the docs, is to forward all the inbound requests that come through the secondary WAN IP to another web server.

 

I've tried with a VIP to map the secondary WAN IP address as the external IP and my new web server's local IP and the corresponding firewall policy, but no luck so far.

 

Is it possible to do this?

 

Thanks in advance.

Kangming
Staff

As long as the internet can reach the secondary WAN IP, the VIP can use this secondary IP as an external IP. If it doesn't work, I suggest checking the configuration of the VIP.

If there is no problem with the configuration, it is recommended to capture packets for analysis:

# diagnose sniffer packet any "host x.x.x.x" 4 0 l

Thanks

Kangming

Debbie_FTNT
Staff

Hey JdGoe,

In addition to what Kangming mentioned (setting up a VIP to map your external secondary WAN IP to an internal server), you might also want to ensure that your ISP is properly routing the secondary IP and you're receiving requests for the secondary IP in the first place.

The 'diagnose sniffer' command Kangming mentioned can help you see if requests for the public, secondary WAN IP make it to the FortiGate.

If they do, after that further processing is up to the FortiGate policies and VIP configuration.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
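
The setup the replies describe, sketched as an added example that is not part of the original thread and not taken from the poster's device. The interface names (wan1, internal), the object and policy names, and the addresses (203.0.113.11 as the secondary WAN IP, 192.168.1.20 as the second web server) are assumptions; the lines starting with # are annotations.

```text
# Assumed: 203.0.113.11 is already configured as a secondary IP on wan1.

# 1. VIP: the secondary WAN IP is the external IP, the new server is the mapped IP.
#    Port forwarding limits the mapping to the one published port (443 assumed).
config firewall vip
    edit "vip-web2-https"
        set extintf "wan1"
        set extip 203.0.113.11
        set mappedip "192.168.1.20"
        set portforward enable
        set protocol tcp
        set extport 443
        set mappedport 443
    next
end

# 2. Policy: the destination address must be the VIP object itself,
#    not the server's address object and not "all".
config firewall policy
    edit 0
        set name "wan-to-web2"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "vip-web2-https"
        set service "HTTPS"
        set schedule "always"
        set action accept
        set logtraffic all
    next
end

# 3. Check that requests for the secondary IP reach the FortiGate at all,
#    using the sniffer command from the thread with a narrower filter.
diagnose sniffer packet any "host 203.0.113.11 and port 443" 4 0 l
```

If the sniffer shows no packets arriving on wan1 for the secondary IP, the problem is upstream routing as described in the second reply; if packets arrive but nothing leaves toward 192.168.1.20, the VIP or the policy is not matching.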