Hi Forti-Gurus ;)
I have got a Forti VM. The WAN-Port of the Forti (IP 62.1.2.3) is connected to a Cablemodem (=GW: 62.1.1.1).
There are a handful of policies which define how to handle outgoing and incoming traffic (VIP, PAT, NAT).
Now we got an additional subnet from our provider, which is used via the same Cablemodem. These IPs are not in the 62.1.1.1 subnet. Let's say an IP from the additional subnet is 195.3.3.3.
We would like to configure a VIP / PAT which says: If there is a request via WAN to the IP 195.3.3.3 use VIP / PAT to connect to a server in the DMZ (for example: 10.0.0.3).
The problem: We can do this with the 62.1.2.3 IP, but the IPs from the subnet cannot be used. (No answer, even when setting up policies with VIP / PAT.)
How can I make the FortiGate react to the IPs from the additional subnet? There is only one WAN port, only one connection to the cable modem.
Thanks a lot!
Hi Sir,
I have the same issue. Can you explain your solution in more detail?
For outbound, the firewall needs to know the route for the new subnet is out the WAN1 interface. You can add a secondary IP address within this new address space or create a static route for it using the WAN1 interface as the device. That should work and eliminate the need for the IP Pool.
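The two options from the reply above, together with the inbound VIP from the original question, written out as FortiOS CLI. This is an added example, not configuration posted by anyone in the thread; the interface names `wan1` and `dmz`, the /29 mask, the object names and the choice of HTTPS as the published service are assumptions.

```fortios
# Option A: secondary address from the additional subnet on the WAN port.
# No "set allowaccess" here, so no management service (HTTPS/SSH/ping)
# is opened on the new public address.
config system interface
    edit "wan1"
        set secondary-IP enable
        config secondaryip
            edit 1
                set ip 195.3.3.3 255.255.255.248
            next
        end
    next
end

# Option B (instead of A): static route for the additional subnet
# pointing out the WAN interface. Mask is an assumed /29.
# config router static
#     edit 0
#         set dst 195.3.3.0 255.255.255.248
#         set device "wan1"
#     next
# end

# Port-forward VIP: only TCP/443 on 195.3.3.3 is mapped to the DMZ server.
config firewall vip
    edit "vip-195-3-3-3-https"
        set extintf "wan1"
        set extip 195.3.3.3
        set mappedip "10.0.0.3"
        set portforward enable
        set protocol tcp
        set extport 443
        set mappedport 443
    next
end

# Inbound policy: destination is the VIP object and the service is limited
# to HTTPS, so nothing else on 10.0.0.3 becomes reachable from the WAN.
config firewall policy
    edit 0
        set name "wan-to-dmz-https"
        set srcintf "wan1"
        set dstintf "dmz"
        set srcaddr "all"
        set dstaddr "vip-195-3-3-3-https"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set logtraffic all
    next
end
```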