Need to configure WAN side LAN IPs under firewall
I asked for an extra IP from the ISP. For that they have given me a /29 IP block.
They said that it will work under the old pilot IP which was already given by the ISP.
That IP was configured on WAN1 and the internet is working well. But I need to use that additional IP under the firewall,
because I am going to host one web application server. For that server I need to configure a public IP directly.
If it comes under the server, it means I will be able to manage and control who wants to access the app server.
I am using FG101E.
Labels: FortiGate
Hello @spmbalamurugan ,
If my understanding is correct, your ISP has provided you a /29 subnet that you can use for your internal servers. If that is the case, you can configure a VIP on your FortiGate that will forward traffic from that VIP to your web application server. You can then configure proper firewall policies for the web application access.
You may find the below article useful:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Virtual-IP-VIP-port-forwarding-configurati...
Best regards
If you have found a useful article or a solution, please like and accept it to make it easily accessible to others.
Hi @spmbalamurugan ,
If you can use one WAN interface only, you may configure the second /29 IP block to your current WAN interface as the secondary IP.
Jerry
It's a common way for an ISP to provide additional IPs (a block of IPs) over the interface subnet (/30 or /31). Packets destined to those 8 IPs in total (the full /29 subnet) would be delivered to your WAN interface IP so that you can either route them through a LAN-side interface or map them to private/internal IPs by VIPs.
If you want the server to have one of the /29 IPs without a VIP, you can assign one of the /29 IPs on the FGT LAN interface (or a VLAN interface) and make it the server's GW IP. That's the traditional way of "routing" the public IPs when an L3 router without VIP capability terminates the ISP interface.
Toshi
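The routed option described in the reply above, written out as a FortiOS CLI sketch. This is an added example, not part of the original thread. Assumptions: the /29 is the documentation range 203.0.113.8/29, the server sits behind a spare port named "port2", and the permitted clients are in 198.51.100.0/24; all of these are constructed placeholders to be replaced with real values.

```fortios
# Constructed values: 203.0.113.8/29 stands in for the ISP-assigned block,
# "port2" for the interface facing the server, 198.51.100.0/24 for allowed clients.

# 1. Put the first usable /29 address on the server-facing interface.
#    The server is then given 203.0.113.10/29 with 203.0.113.9 as its gateway.
config system interface
    edit "port2"
        set mode static
        set ip 203.0.113.9 255.255.255.248
        set allowaccess ping
    next
end

# 2. Address objects: the server's public IP and the clients allowed to reach it.
config firewall address
    edit "webapp-public"
        set subnet 203.0.113.10 255.255.255.255
    next
    edit "webapp-allowed-clients"
        set subnet 198.51.100.0 255.255.255.0
    next
end

# 3. Inbound policy: only the listed sources, only HTTPS, no NAT (the server
#    owns the public IP directly), with every session logged.
config firewall policy
    edit 0
        set name "wan1-to-webapp"
        set srcintf "wan1"
        set dstintf "port2"
        set srcaddr "webapp-allowed-clients"
        set dstaddr "webapp-public"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set nat disable
        set logtraffic all
    next
end
```

Anything not matched by this policy falls through to the implicit deny, so the server is reachable only on HTTPS from the listed sources; a separate port2-to-wan1 policy with NAT disabled is needed if the server has to initiate outbound connections.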
