Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Keith42
New Contributor

Created on ‎04-14-2015 11:57 AM

Presenting public IPs to another router behind a Fortigate

Hello everyone,

 

I have been asked to give 2 tenants in our building public IP ranges for their use.

Tenant 1 wants 5 public IP addresses and tenant 2 wants 12 public IP addresses

We have 32 public IP's of which we are using 5 on a Fortigate 100D v5.0.9

They must have public IP's and not nat'ed private addresses.

 

How would I configure this.

 

Thanks

Labels:
4143
0 Kudos
1 Solution
ede_pfau
SuperUser
SuperUser

Created on ‎04-18-2015 05:28 AM

Hi,

 

I suggest that you put a switch behind the access router and from there run lines to

[ul]
  • your Fortigate
  • tenant1's router/fw
  • tenant2's router/fw[/ul]

     

    This way, the public IPs stay untouched (ie. no NAT). tenant1 needs a /29 subnet with 6 usable IPs, tenant2 a /28 subnet with 14 usable IPs, and you keep a /28 subnet with 14 usable IPs as well. Each subnet uses 1 address for the ISP gateway and one for it's router.

    Splitting up subnets really costs addresses. Seems in some parts of the world IPv4 addresses still are abundant...

    • Ede Kernel panic: Aiee, killing interrupt handler!

    View solution in original post

    Ede Kernel panic: Aiee, killing interrupt handler!
    2496
    0 Kudos
    5 REPLIES 5
    Keith42
    New Contributor

    Created on ‎04-17-2015 04:51 PM

    Is there anyone who can help me with this??

     

    Thanks

    2456
    0 Kudos
    ede_pfau
    SuperUser
    SuperUser

    Created on ‎04-18-2015 05:28 AM

    Hi,

     

    I suggest that you put a switch behind the access router and from there run lines to

    [ul]
  • your Fortigate
  • tenant1's router/fw
  • tenant2's router/fw[/ul]

     

    This way, the public IPs stay untouched (ie. no NAT). tenant1 needs a /29 subnet with 6 usable IPs, tenant2 a /28 subnet with 14 usable IPs, and you keep a /28 subnet with 14 usable IPs as well. Each subnet uses 1 address for the ISP gateway and one for it's router.

    Splitting up subnets really costs addresses. Seems in some parts of the world IPv4 addresses still are abundant...

    • Ede Kernel panic: Aiee, killing interrupt handler!
    Ede Kernel panic: Aiee, killing interrupt handler!
    2497
    0 Kudos
    Keith42
    New Contributor

    Created on ‎04-19-2015 08:07 AM

    Hi ede_pfau,

     

    I have tried your suggestion but it's not working for me. I have found out the ISP supplied the Fortigate and set it up with 2 vdoms.

    vdom 1 (router-isp) has a BGP route with our public IP network assigned.

    vdom 2 (root-cust) has a link to vdom 1 with all our public IP's defined.

    2456
    0 Kudos
    ede_pfau
    SuperUser
    SuperUser

    Created on ‎04-19-2015 11:40 PM

    With this scenario I'd get into touch with your ISP and ask them how they had planned a setup like this. A VDOM setup shows that they already intended a multi-tenant setup. They surely have this already running in other places.

    Ede Kernel panic: Aiee, killing interrupt handler!
    Ede Kernel panic: Aiee, killing interrupt handler!
    2456
    0 Kudos
    Keith42
    New Contributor

    Created on ‎04-21-2015 08:51 AM

    Thanks for the reply.

    I got on to the ISP and they said that because we had a large range they setup the vdom's.

    For a fee they will change the Fortigate setup so I guess I'll get them to make the changes.

     

    Thanks

    2456
    0 Kudos
    Announcements
    Check out our Community Chatter Blog! Click here to get involved
    Labels
    Top Kudoed Authors
    View all
    Broad. Integrated. Automated.

    The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

    Social Media
    Security Research
    Company
    News & Articles
    Contact Us

    Copyright 2025 Fortinet, Inc. All Rights Reserved.