Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.

Secondary IP on WAN interface

Hi All,


I have been trying to understand it for last few days, why do we configure secondary IP address on FortiGate firewall's wan interface.

But I couldn't understand it clearly till now, are there anybody can make me understand it thoroughly .

with an example .


Thank you in advanced.





Hello Umesh,

I hope the below document link helps:

Shilpa C.P



I would like to tell you, have gone through this document but exactly couldn't understand use of secondary IP address on wan interface.

Contributor II

Dear Umesh,


The easy way on understanding or usage of secondary IP. 


1> There may not be enough host addresses for a particular network segment. For example, your subnetting allows up to 254 hosts per logical subnet, but on one physical subnet you need to have 300 host addresses. Using secondary IP addresses on the routers or access servers allows you to have two logical subnets using one physical subnet.



  • Two subnets of a single network might otherwise be separated by another network. This situation is not permitted when subnets are in use. In these instances, the first network is extended, or layered on top of the second network using secondary addresses.

Also this helps in case of Public subnets owned by organization rather than ISP ( using secondary IP address you can use them directly bu using secondary IP


Hope You will understand the point. 


Rosa Technocrat -- Also on YouTube---Please do Subscribe
Rosa Technocrat -- Also on YouTube---Please do Subscribe

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors