- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Presenting public IPs to another router behind a Fortigate
Hello everyone,
I have been asked to give 2 tenants in our building public IP ranges for their use.
Tenant 1 wants 5 public IP addresses and tenant 2 wants 12 public IP addresses
We have 32 public IP's of which we are using 5 on a Fortigate 100D v5.0.9
They must have public IP's and not nat'ed private addresses.
How would I configure this.
Thanks
Solved! Go to Solution.
- Labels:
-
5.0
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I suggest that you put a switch behind the access router and from there run lines to
[ul]
This way, the public IPs stay untouched (ie. no NAT). tenant1 needs a /29 subnet with 6 usable IPs, tenant2 a /28 subnet with 14 usable IPs, and you keep a /28 subnet with 14 usable IPs as well. Each subnet uses 1 address for the ISP gateway and one for it's router.
Splitting up subnets really costs addresses. Seems in some parts of the world IPv4 addresses still are abundant...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is there anyone who can help me with this??
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I suggest that you put a switch behind the access router and from there run lines to
[ul]
This way, the public IPs stay untouched (ie. no NAT). tenant1 needs a /29 subnet with 6 usable IPs, tenant2 a /28 subnet with 14 usable IPs, and you keep a /28 subnet with 14 usable IPs as well. Each subnet uses 1 address for the ISP gateway and one for it's router.
Splitting up subnets really costs addresses. Seems in some parts of the world IPv4 addresses still are abundant...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi ede_pfau,
I have tried your suggestion but it's not working for me. I have found out the ISP supplied the Fortigate and set it up with 2 vdoms.
vdom 1 (router-isp) has a BGP route with our public IP network assigned.
vdom 2 (root-cust) has a link to vdom 1 with all our public IP's defined.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
With this scenario I'd get into touch with your ISP and ask them how they had planned a setup like this. A VDOM setup shows that they already intended a multi-tenant setup. They surely have this already running in other places.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the reply.
I got on to the ISP and they said that because we had a large range they setup the vdom's.
For a fee they will change the Fortigate setup so I guess I'll get them to make the changes.
Thanks
