I have been struggling to understand the discussion about secondary IPs in FortiGate.
I am used to the Linux environment, where using a secondary IP address, or even more than two (of the same subnet), allows you to bind services to a specific IP address and have that service be reachable using that IP.
I would have argued that it's pretty much the same with FortiGate, right? If I have a second IP (or even more) on the WAN interface of a FortiGate (within the same subnet), this allows me to offer services on either of those public IP addresses - either behind FortiGate (likely with NAT involved) or within FortiGate (e.g. one IP for Hub&Spoke, one IP for IPSec Site2Site, one IP for VPN SSL, etc.).
Am I totally wrong or am I missing something crucial here?
P.S.: I am aware that having multiple IPs on one interface from different subnets might pose another issue/discussion/challenge.
Basically, a secondary IP address is a way to assign more than one IP address to a single interface. There might be a question in your mind about what the exact scenario is where you configure it.
For example, you might have multiple subnets that you want to connect to using the same physical interface. As per the Router IP, you can think of it as the network that your router is connected to. In this case, if your router's private IP address is 192.168.1.1, then the Router IP would be 192.168.1.0/24. Or, you might want to run multiple services that each require their own IP address.
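The Linux behaviour the question describes, one service per address on the same port, as an added example that is not from either post. It assumes a Linux host, where every 127.0.0.0/8 address is local; `127.0.0.1` and `127.0.0.2` are constructed stand-ins for a primary and a secondary address, and the function names are hypothetical.

```python
import socket
import threading

# Constructed stand-ins for a primary and a secondary address on one interface.
PRIMARY = "127.0.0.1"
SECONDARY = "127.0.0.2"


def start_service(addr, port, banner):
    """Listen on exactly one local address and answer each client with banner."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((addr, port))  # a specific address, not the wildcard 0.0.0.0
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # listener went away
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv


def probe(addr, port):
    """Return the banner served at addr:port, or None if nothing listens there."""
    try:
        with socket.create_connection((addr, port), timeout=2) as c:
            return c.recv(64)
    except OSError:
        return None


def demo():
    # Port 0 lets the kernel pick a free port; service B reuses the same number.
    a = start_service(PRIMARY, 0, b"service-A")
    port = a.getsockname()[1]
    before = (probe(PRIMARY, port), probe(SECONDARY, port))  # B not started yet
    b = start_service(SECONDARY, port, b"service-B")
    after = (probe(PRIMARY, port), probe(SECONDARY, port))
    return before, after


if __name__ == "__main__":
    print(demo())
```

A listener bound to one address is not reachable on the other, which is why binding to a specific address instead of the wildcard limits where a service is exposed.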