ITadm
New Contributor II

How to check WAN public IP

Hello, 

 Is there any way to check my public IP on backup WAN interfaces using only FG cli? I have 2 backup WAN connections behind NAT (so I can see only local IP in settings), if I could only use a command like this: 

 

nslookup myip.opendns.com. resolver1.opendns.com

 

with ability to choose interface it'd be great. I'd prefer to avoid turning off the main WAN connection and checking it from a host because I have a few locations and they have to be available 24/7. I'm using 60E Firewalls with latest OS.

 

Thanks in advance! 

5 REPLIES
sw2090
Honored Contributor

hm if you use WLLB/SDWAN you could add some connectivity check that opens some url or pings something to have the ip(s).

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

Toshi_Esumi
Esteemed Contributor III

There was the same discussion on this forum before. I was looking for it at that time and found it by searching through the forum. This shows all of the interfaces though.

# config sys int

# edit ?

The list includes IP addresses pulled via pppoe and dhcp.

 

Dave_Hall

Ideally, you would want your WAN devices to be configured in bridge mode; failing that, if these WAN devices allow it, you may be able to set up port forwarding on them to ports on the fgt.

 

As Toshi indicated, you can get the IP information for the interfaces - you can also use get sys int, but it provides a bit more info than you may want.  But if these are NAT devices then you may If you want the route/gateway info, use: get router info routing-table details

 

If you want to set up or give these backup WAN devices DDNS host names, see KB #FD41601

 

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

ITadm
New Contributor II

Thank you for the responses.

Toshi Esumi wrote:
There was the same discussion on this forum before. I was looking for it at that time and found it by searching through the forum. This shows all of the interfaces though.

# config sys int

# edit ?

The list includes IP addresses pulled via pppoe and dhcp.

Unfortunately, all of my backup WAN connections are behind NAT; there is a separate small subnet network between the fgt and the gsm modem :(.

 

Dave Hall wrote:

Ideally, you would want your WAN devices to be configured in bridge mode; failing that, if these WAN devices allow it, you may be able to set up port forwarding on them to ports on the fgt.

That's exactly how it works in my case, as I use mostly GSM backup, so the WAN2 port is connected to a gsm modem behind NAT, with port forwarding for site-to-site VPN and web mgmt access for specific IPs. I have to set up backup vpn tunnels and create some basic ping monitors (from the main location to public IPs). I didn't get any info about the IPs from the previous admin and that's why I'm trying to find a creative and non-invasive way to get it :).

 

sw2090 wrote:
hm if you use WLLB/SDWAN you could add some connectivity check that opens some url or pings something to have the ip(s).

Well, I'm not using SDWAN, only link-monitor with update-cascade-interface & update-static-route.

 

So, I think that I have two options left:

1. Adding a non-responsive address to ping on the main WAN's link-monitor to start using the backup WAN, then connecting to a workstation and checking it

2. Creating an additional vpn tunnel including this small subnet between fgt and gsm modem so I can access the modem from the main location and check public IP

 

I choose the second option :)

 

Thanks for your suggestions!

FNT_Learner
New Contributor III

hello, 

please try these commands.

# diagnose sys waninfo
# diagnose sys waninfo ipify
