Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
gray6
New Contributor

How to use multiple static WAN IP addresses on a Fortigate?

I'm in the process of getting familiar with the Fortigate UI, and the nomenclature differences between it and my old firewall is hobbling me a bit. I'm hoping someone can kindly point me in the right direction on how to do what I'm looking to do.

I have five static public IP addresses (let's say 209.x.x.1, 209.x.x.2, 209.x.x.3, etc). I'd like for outgoing traffic coming from subnet 10.1.1.1/24 to have a public IP 209.x.x.1. I'd then like for outgoing traffic coming from subnet 10.2.1.1/24 to use the public IP of 209.x.x.2. And so forth. (This is just a rough example.)

How do I achieve this on Fortigate? Thank you!

omeglexender
2 REPLIES 2
Toshi_Esumi
SuperUser
SuperUser

Relatively simple. Basic steps are below:
1. Create an IP Pool per each outside IP

2. Create a policy and specify the source with each internal subnet and other as you would do for any regular outgoing policies, then at the NAT section, select "Use Dynamic IP Pool" and select one of IP Pools you created.

 

Toshi

Debbie_FTNT
Staff
Staff

As Toshi outlined above, five pools, and then five policies (one for each internal network) with a specific NAT pool would do it.

You could also look into Central NAT - that would let you create centralized NAT rules independent of policies (so subnet A would always be NATed to public IP A, and B NATed to B, etc, and you could have a single policy for subnets A-E going out), if you're going to have complex NAT requirements and don't want to handle those via separate firewall policies.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors