How do i set a IP pool address as a local IP address in 7.2.10 Release?

jba · ‎11-05-2024

How do i set a IP Pool address in FortiOS 7.2.10 as a local address in a 120G?

120G considers them as a external address.

Thanks in advance

Toshi_Esumi · ‎11-06-2024

No. This is the way for IP pool to work for SNAT. DHCP's pools are configured under

config system dhcp server

Not in a policy.

Toshi

jba · ‎11-06-2024

all tested at 80G

Now, i created a VLAN5 172.17.5.0/24 with interface IP 172.17.5.1.
I created a new rule 'VLAN5', allow traffic from internal to VLAN5 with source/destination and can ping the VLAN5 interface 172.17.5.1 from internal if enabled.

Now i create a SNAP IP Pool 172.17.5.2 and use this as a NAT / SNAT IP in rule 'VLAN5'.

From the earlier information, I should be able to reach the IP pool address 172.17.5.2 from the internal lan via icmp.

But that doesn't work either.

Toshi_Esumi · ‎11-06-2024

I was thinking I would have to test it myself to confirm. But I found an old discussion about "pining ippool IP".
https://community.fortinet.com/t5/Support-Forum/ping-restriction-to-IP/td-p/22013

ippool IP is generally not attached to any interface (just SNAT IP) you wouldn't be able to ping unless that specific IP is mapped to something more tangible, like VIPed (mapped) to a physical device with a different policy on opposite direction.

Tosh

jba · ‎11-06-2024

Thanks for the information.

Currently only the 80F model replies on a internal ping to a IP Pool address and the 120g doesn´t.

Yesterday i configured a VLAN with the IP Range i need and added a second IP address to this VLAN. From the other side of the s2s tunnel i am able to ping this second IP address and monitor the tunnel. Even if ithe VLAN is not connected to any interface right now.

This seems to work fine.

How do i set a IP pool address as a local IP address in 7.2.10 Release?

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website