Hello,
Is there any way to check my public IP on backup WAN interfaces using only FG cli? I have 2 backup WAN connections behind NAT (so I can see only local IP in settings), if I could only use a command like this:
nslookup myip.opendns.com. resolver1.opendns.com
with ability to choose interface it'd be great. I'd prefer to avoid turning off the main WAN connection and checking it from a host because I have a few locations and they have to be available 24/7. I'm using 60E Firewalls with latest OS.
Thanks in advance!
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
hm if you use WLLB/SDWAN you could add some connectivity check that opens some url or pings something to have the ip(s).
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
There was the same discussion on this forum before. I was looking for it at that time and found it by searching through the forum. This shows all of interfaces though.
# config sys int
# edit ?
The list includes IP addresses pulled via pppoe and dhcp.
Ideally, you would want your WAN devices to be configured in bridge mode, failing that if these WAN devices allow it you may be able to setup port forwarding on them to ports on the fgt.
As Toshi indicated, you can get the IP information for the interfaces - you can also use get sys int, but it provides a bit more info than you may want. But if these are NAT devices then you may If you want the route/gateway info, use: get router info routing-table details
If you want to set up or give these backup WAN devices DDNS host names, see KB #FD41601.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Thank you for the responses.
Toshi Esumi wrote:
There was the same discussion on this forum before. I was looking for it at that time and found it by searching through the forum. This shows all of interfaces though. # config sys int # edit ? The list includes IP addresses pulled via pppoe and dhcp.
Unfortunately, all of my backup WAN connections are behind NAT, there is a separate small subnet network between fgt and gsm modem :(.
Dave Hall wrote:That's exactly how it works in my case as I use mostly GSM backup so WAN2 port is connected to a gsm modem behind NAT and with port forwarding for site to site VPN and web mgmt access for specific IPs. I have to set up backup vpn tunnels and create some basic ping monitors (from the main location to public IPs). I didn't get any info about the IPs from previous admin and that's why I'm trying to find a creative and non-invasive way to get it :).Ideally, you would want your WAN devices to be configured in bridge mode, failing that if these WAN devices allow it you may be able to setup port forwarding on them to ports on the fgt.
sw2090 wrote:
hm if you use WLLB/SDWAN you could add some connectivity check that opens some url or pings something to have the ip(s).
Well, I'm not using SDWAN, only link-monitor with update-cascade-interface & update-static-route.
So, I think that I have two options left:
1. Adding a non-responsive address to ping on main WANs link-monitor to start using backup WAN then connect to a workstation and check it
2. Creating an additional vpn tunnel including this small subnet between fgt and gsm modem so I can access the modem from the main location and check public IP
I choose the second option :)
Thanks for your suggestions!
hello,
please try these commands.
# diagnose sys waninfo
# diagnose sys waninfo ipify
I love this option, I have tried it on my setup and I exeute:
#diagnose sys waninfo ipif wan2
so, it gave me all details about the public IP even it's the backup link behind ISP modem and NAT
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1720 | |
1094 | |
752 | |
447 | |
234 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.