Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

How to use multiple static WAN IP addresses on a Fortigate?

I'm in the process of getting familiar with the Fortigate UI, and the nomenclature differences between it and my old firewall is hobbling me a bit. I'm hoping someone can kindly point me in the right direction on how to do what I'm looking to do.

I have five static public IP addresses (let's say 209.x.x.1, 209.x.x.2, 209.x.x.3, etc). I'd like for outgoing traffic coming from subnet to have a public IP 209.x.x.1. I'd then like for outgoing traffic coming from subnet to use the public IP of 209.x.x.2. And so forth. (This is just a rough example.)

How do I achieve this on Fortigate? Thank you!

Esteemed Contributor II

Relatively simple. Basic steps are below:
1. Create an IP Pool per each outside IP

2. Create a policy and specify the source with each internal subnet and other as you would do for any regular outgoing policies, then at the NAT section, select "Use Dynamic IP Pool" and select one of IP Pools you created.




As Toshi outlined above, five pools, and then five policies (one for each internal network) with a specific NAT pool would do it.

You could also look into Central NAT - that would let you create centralized NAT rules independent of policies (so subnet A would always be NATed to public IP A, and B NATed to B, etc, and you could have a single policy for subnets A-E going out), if you're going to have complex NAT requirements and don't want to handle those via separate firewall policies.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++