Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
What exactly are you trying to do? Are you trying to setup a separate lan (subnet) say on another physical port on the 60E? Are you you running out of leased (DHCP) IP addresses for client devices?
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Based on the information you provided, I don't think you need *another* subnet so much as you need a *larger* subnet. You could simply expand it to a /23 or /22 and leave your gateway at the same address. Old DHCP or static clients would still reach the gateway but they might begin to have trouble reaching other clients in the expanded space until you updated their subnet mask (either via DHCP renewal or manually if they are static).
lobstercreed wrote:This approach would only work with prior planning being that there may not be free room in the 192.168.2.0/24 range.Based on the information you provided, I don't think you need *another* subnet so much as you need a *larger* subnet. You could simply expand it to a /23 or /22 and leave your gateway at the same address. Old DHCP or static clients would still reach the gateway but they might begin to have trouble reaching other clients in the expanded space until you updated their subnet mask (either via DHCP renewal or manually if they are static).
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Depending on Marius's response, if he is running out of IP leases, I would suggest for a short term solution is to shorten the lease time to say 1-2 days.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
I don't need separate lan, I will use the same LAN port on Fortigate. I only want for example move my camera's IP to 192.168.2.x subnet and I want access them from 192.168.1.x subnet. I use the same Fortiagate gateway 192.168.1.1.
serfasit wrote:
I don't need separate lan, I will use the same LAN port on Fortigate. I only want for example move my camera's IP to 192.168.2.x subnet and I want access them from 192.168.1.x subnet. I use the same Fortiagate gateway 192.168.1.1.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Hello,
I using fortigate only for Gateway (IP 192.168.1.1), I have AD server (192.168.1.2) with DHCP enable on it. And DHCH IP adresses are enough for me.
But I want move my hardware IP adresses (for example Ip cameras, printers and ect) to other subent example 192.168.2.x.
But then I configure my camera and added IP for example 192.168.2.2 I can't ping from my computer (for example computer IP 192.168.1.42 DHCP from my AD server).
What is the best way to reach subnet 192.168.2.x from my network?
The proper ideal way to separate your server, cameras, printers from your client devices is to place them on a separate cabled network (e.g. dividing up your switches and use at least two ports on the fgt device and a firewall policy for communicating between the two subnets or setup vlans.
If you simply want to create an IP space separation between servers/printers/devices and still be able to have them communicate with the other devices you need to enlarge the IP scope and adjust the subnet mask accordingly. You basically keep the same default GW address, but change the net mask.
Keep in mind that devices are only able to communicate with each other directly if they are detected on the same network (based on network/net mask) - otherwise communications is routed through the default gateway address.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Hi,
So all what I need to do is simple change Fortigate net mask?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.