Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
kingpin
New Contributor

SUBNET

help me guys im new with fortinet my question is i have existing router MIKROTIK i have 16 subnet all connected in one interface but planning all to transfer  in fortinet 200e the same configuration because some of my switch is not manage switch. how to config one interfaces with 16 subnet thanks 

13 REPLIES 13
emnoc
Esteemed Contributor III

You do secondaries . I believe you can do up to 16 secondaries per interface

 

https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-networking-54/Interfaces/Secondary%2...

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Toshi_Esumi
SuperUser
SuperUser

The max value doc for 6.0 says up to even 32/interface.

https://help.fortinet.com.../6-0-0/max-values.html

kingpin

thanks for your reply but. what i need is i can configure in one interface the vlan. more that 16 subnet but my question is not working in ordinary switch. 

kingpin

my existing connection in one interfaces only all the 16 subnet are connected in one interfaces. i want to make the same in FGT so how. 

emnoc
Esteemed Contributor III

You need to explain your cfg secondarys are easier and vlans are easy we are not sure what your doing

 

e.g secondary

 

config system interface

    edit "dmz"

        set vdom "root"

        set ip 10.10.10.1 255.255.255.0

        set allowaccess ping https http fgfm capwap

        set type physical

        set role dmz

        set snmp-index 5

        set secondary-IP enable

        config secondaryip

            edit 1

                set ip 10.200.1.1 255.255.255.0

            next

            edit 2

                set ip 10.200.2.1 255.255.255.0

            next

            edit 3

                set ip 10.200.3.1 255.255.255.0

            next

            edit 4

                set ip 10.200.4.1 255.255.255.0

            next

            edit 5

                set ip 10.200.5.1 255.255.255.0

            next

            edit 6

                set ip 10.200.6.1 255.255.255.0

            next

            edit 7

                set ip 10.200.7.1 255.255.255.0

            next

            edit 8

                set ip 10.200.8.1 255.255.255.0

            next

            edit 9

                set ip 10.200.9.1 255.255.255.0

            next

            edit 10

                set ip 10.200.10.1 255.255.255.0

            next

            edit 11

                set ip 10.200.11.1 255.255.255.0

            next

            edit 12

                set ip 10.200.12.1 255.255.255.0

            next

            edit 13

                set ip 10.200.13.1 255.255.255.0

            next

            edit 14

                set ip 10.200.14.1 255.255.255.0

            next

            edit 15

                set ip 10.200.15.1 255.255.255.0

            next

            edit 16

                set ip 10.200.16.1 255.255.255.0

            next

            edit 17

                set ip 10.200.17.1 255.255.255.0

            next

        end

    next

end

 

Ken

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
kingpin
New Contributor

sir why do i need DMZ.? only i need to config internal connection between the 17 different ip address. i want all this can connect each other. 

 

thanks 

kingpin
New Contributor

Sir, Please check the image.  i  need all of my ip range connect in any port so how/?

 

https://www.google.com/search?hl=en-MY&tbs=sbi%3AAMhZZisGW4NxPAqcPh49p6fvWOCre25YhpSV_1JNUHakxGYDfba...

 

OneOfUs
New Contributor III

You can change the firewall from switch to interface mode:

https://kb.fortinet.com/kb/documentLink.do?externalID=FD40353

 

Then you can use secondary IPs (subnet) on the Interface as suggested previously or you can a create VLAN interface for each subnet.

kingpin

thanks for the reply  here is my picture of my network that i want thanks

 

  https://www.google.com/search?hl=en-MY&tbs=sbi%3AAMhZZisGW4NxPAqcPh49p6fvWOCre25YhpSV_1JNUHakxGYDfba...

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors