
Secondary IP on WAN interface (same subnet)

Hello all


I have been struggling to understand the discussion about secondary IPs in FortiGate.


I am used to the Linux environment, where using a secondary IP address, or even more than two (in the same subnet), allows you to bind services to a specific IP address and have that service be reachable using that IP.


I would have argued that it's pretty much the same with FortiGate, right?
If I have a second IP (or even more) on the WAN interface of a FortiGate (within the same subnet), this allows me to offer services on either of those public IP addresses - either behind the FortiGate (likely with NAT involved) or within the FortiGate (e.g. one IP for Hub&Spoke, one IP for IPsec Site2Site, one IP for SSL VPN, etc.).


Am I totally wrong or am I missing something crucial here?


P.S.: I am aware that having multiple IPs on one interface from different subnets might pose another issue/discussion/challenge.


Thanks a lot
best regards



Hi Team,


You can use a secondary IP for different applications like VPN.

There should not be any issue with that.

For example, you can define a secondary IP and add it as the local gateway address in the VPN:

If you face any challenge, kindly explain what exactly you are facing.
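The configuration described in the reply above, written out as FortiOS CLI. This is an added example, not part of the original post; the interface name `wan1`, the tunnel name `s2s-branch`, the documentation-range addresses and the pre-shared key placeholder are all assumptions.

```fortios
# Added example: all names and addresses below are constructed placeholders.
# Primary WAN address assumed to be 203.0.113.10/24 on wan1.
config system interface
    edit "wan1"
        set secondary-IP enable
        config secondaryip
            edit 1
                # Second public address in the same subnet as the primary.
                set ip 203.0.113.11 255.255.255.0
                # allowaccess is set per secondary address; ping only here,
                # so no management service (https/ssh) answers on this IP.
                set allowaccess ping
            next
        end
    next
end

# Site-to-site tunnel that terminates on the secondary address.
config vpn ipsec phase1-interface
    edit "s2s-branch"
        set interface "wan1"
        set ike-version 2
        # Source IKE/IPsec from the secondary IP instead of the primary.
        set local-gw 203.0.113.11
        set remote-gw 198.51.100.20
        set psksecret <pre-shared-key-placeholder>
    next
end

# Check that both addresses are present on the interface:
diagnose ip address list
```

The remote peer must point its gateway at 203.0.113.11, and the secondary address keeps its own `allowaccess` list, so review it separately from the primary when auditing which services are exposed on the WAN side.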


Hi Scheuri,


Basically, a secondary IP address is a way to assign more than one IP address to a single interface.
There might be a question in your mind about what the exact scenario is where you would configure it.

For example, you might have multiple subnets that you want to connect to using the same physical interface.
As per the Router IP, you can think of it as the network that your router is connected to.
In this case, if your router's private IP address is, then the Router IP would be
Or, you might want to run multiple services that each require their own IP address.