I have a FortiWifi 90D in an environment as follows:
ISP Gateway not under my control: 10.10.40.1/255.255.255.252 (routing 194.x.x.64/255.255.255.224 to 10.10.40.2)
Wan IP: 10.10.40.2/255.255.255.252
The idea behind our somewhat exotic configuration is to use all of our public IP addresses behind our firewall. The problem with it is that the FortiWifi doesn't have a public IP address on the WAN interface.
Before the FortiWifi we had a Linux server with Shorewall acting as a firewall, and there I just set up some NATing to make it work. Some of it I can replicate on the FortiWifi, but not all.
1. All the traffic from Internal1 to WAN is NATed to show 194.x.x.65 as source. This was not a problem on the FortiWifi.
2. The traffic from the firewall to WAN was also NATed to show 194.x.x.65 as source. This I could not figure out how to do on the FortiWifi. (example traffic: FortiWifi->FortiCloud)
3. All the traffic to 194.x.x.65 should be received by the Internal2 interface. On the old firewall this was just done by allowing the traffic to be routed, and it was then received by the internal interface with the public address. This was partly solved on the FortiWifi by using a VIP to map 194.x.x.65 to 10.10.40.2. But now 194.x.x.65 can't be accessed from the internal interfaces. (example traffic: SSL VPN)
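For readers following along, here is what points 1 and 3 of the setup above look like in FortiOS CLI form. This is an added illustration, not the poster's actual configuration: the interface names "wan1", "internal1" and "internal2", the object names, and the use of a single-address overload IP pool are assumptions, and 194.x.x.65 is left masked exactly as in the post.

```fortios
# Assumed: one-address overload pool so Internal1 traffic leaves as 194.x.x.65 (point 1)
config firewall ippool
    edit "pool-pub-65"
        set type overload
        set startip 194.x.x.65
        set endip 194.x.x.65
    next
end

# Assumed: VIP that maps the public address onto the WAN address (point 3)
config firewall vip
    edit "vip-pub-65"
        set extip 194.x.x.65
        set extintf "wan1"
        set mappedip "10.10.40.2"
    next
end

# Outbound policy: source NAT via the pool instead of the WAN interface address.
# Restrict "service" to what is actually needed rather than ALL in a production setup.
config firewall policy
    edit 1
        set name "internal1-to-wan-snat"
        set srcintf "internal1"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set ippool enable
        set poolname "pool-pub-65"
        set logtraffic all
    next
end
```

Note that firewall policies on FortiOS only govern traffic passing through the unit, which is why point 2 (traffic originated by the FortiWifi itself) is not covered by this snippet.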