Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Autumn 2024 badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: Two different Public IP addresses to be masked...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Two different Public IP addresses to be masked as one
Good Day all
i am in a predicament, i have 2 different service providers that have two different public ip addresses, we use an application from the states that is only able to use one public ip. the reason i have 2 different public ip addresses is that on is a fail over. i need to make sure that if the second link kicks in due to power or provider issues that it reflects the same public ip as the main link. is this even possible i have read numerous posts but none seem to help me achieve my goal.
please help
thank you in advance.
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I dont think that is possible the way you think.
You can create WAN Redundancy by using sd-wan or adding more default routes with higher costs.
Still you will have to do dnat with the ip the currently used wan interface has.
Other way round would be a routing/ip distribution issue on your isp(s) side. I don't thihnk they will do this.
A "workaround" might be not to use the public ip but on the opposite side use a fqdn created by a dnyndns service that points to the ip oof your currently used wan. This can be done by using the buiilt in FortiDDNS Service in the FGT.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
--
"It is a mistake to think you can solve any major problems just with
potatoes." - Douglas Adams
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for your quick response, so my efforts are actually in vain? i just really thought that this would be possible. like creating a trunk with the public ip and all traffic that passes through that tunnel would reflect that public ip, sort of like masking.
thank you again
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Steven,
The problem is you're only thinking of your environment, not how the Internet as a whole routes traffic. ISP A owns your WAN 1 IP address and ISP B owns your WAN 2 IP address.
There is no mechanism in your situation for upstream providers to know that YOUR link with ISP A failed and they should now route your particular ISP A IP address to ISP B. They don't even know you use ISP A and B, because they don't know you exist.
BGP is that mechanism for larger networks (i.e. if you owned your OWN addresses), but you'd need at least a /24 not to run into filtering issues. Sebastian's idea of using dynamic DNS is your best shot.
- Daniel
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Good day all
i want to thank you for all your advise and i will be exploring these avenues, i feel i haven't explained my issue enough so i will do my best and if the answers are still the same i will let it be. the company i support is a fabrication company they are in constant communication with another company in the USA they have a direct ipsec tunnel into the network where they share drawings and information of the products. so if the tunnel goes down that means that orders stand still and work cannot commence. this is why i needed to know if merging two different isp public's into one would be possible. could we not then just do redundant ipsec tunnels or is dyndns still the best option. thank you again for all the feedback it is greatly appreciated.
Regards
Steven
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Indeed it woul work if you own autonomous subnets. With that you could announce a new route for subnet A on Line B. But I assume that you do not have such since it is rather very complex and much efford and probably costs to get some.
The ISP I worked for like 12yrs had some - thats why I know that.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
--
"It is a mistake to think you can solve any major problems just with
potatoes." - Douglas Adams
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ok great so Dns looks like my only option then, im fairly new to the fortigate dns side how would i go about setting that up?
regards
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- FortiGate ICMP ECHO before DHCP Offer 104 Views
- Why can FortiGuard Servers not be... 153 Views
- FortiADC rspools on HA02 down after... 92 Views
- How to configure a LAN interface... 304 Views
- Can't filter firewall policy based on... 262 Views
Labels
-
FortiGate
8,256 -
FortiClient
1,670 -
5.2
801 -
FortiManager
693 -
5.4
639 -
FortiAnalyzer
526 -
FortiSwitch
446 -
FortiAP
439 -
6.0
416 -
FortiClient EMS
384 -
5.6
362 -
FortiMail
306 -
6.2
251 -
FortiAuthenticator v5.5
234 -
SSL-VPN
197 -
5.0
196 -
FortiWeb
193 -
FortiNAC
168 -
IPsec
166 -
FortiGuard
131 -
6.4
128 -
SD-WAN
101 -
FortiGateCloud
100 -
FortiSIEM
97 -
FortiCloud Products
95 -
FortiToken
88 -
FortiAuthenticator
77 -
Customer Service
75 -
Wireless Controller
75 -
Firewall policy
67 -
4.0MR3
64 -
FortiProxy
55 -
FortiADC
51 -
Fortivoice
50 -
FortiEDR
50 -
VLAN
46 -
High Availability
45 -
ZTNA
44 -
FortiExtender
43 -
FortiDNS
42 -
FortiSandbox
40 -
Routing
37 -
DNS
37 -
BGP
36 -
FortiGate v5.4
35 -
LDAP
35 -
FortiSwitch v6.4
33 -
SAML
32 -
Certificate
32 -
Interface
31 -
SSO
29 -
FortiConnect
28 -
Authentication
28 -
NAT
28 -
RADIUS
26 -
FortiLink
26 -
FortiWAN
25 -
FortiConverter
25 -
VDOM
24 -
FortiGate v5.2
23 -
Application control
22 -
Virtual IP
22 -
Web profile
21 -
Logging
20 -
Fortigate Cloud
19 -
FortiSwitch v6.2
18 -
FortiPortal
18 -
FortiMonitor
18 -
FortiPAM
18 -
Traffic shaping
17 -
SSL SSH inspection
16 -
FortiDDoS
15 -
FortiGate v5.0
14 -
OSPF
14 -
IP address management - IPAM
14 -
FortiCASB
12 -
SNMP
12 -
SSID
12 -
Admin
12 -
Static route
12 -
WAN optimization
12 -
Web application firewall profile
12 -
FortiManager v5.0
11 -
FortiSOAR
11 -
Automation
11 -
System settings
11 -
FortiRecorder
10 -
IPS signature
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiManager v4.0
9 -
FortiWeb v5.0
9 -
FortiAP profile
9 -
FortiBridge
8 -
RMA Information and Announcements
8 -
Security profile
8 -
Port policy
8 -
Proxy policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
Traffic shaping policy
7 -
Fabric connector
7 -
Intrusion prevention
7 -
FortiDeceptor
6 -
FortiCache
6 -
DNS filter
6 -
trunk
6 -
Packet capture
6 -
Antivirus profile
6 -
FortiCarrier
5 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Traffic shaping profile
5 -
Fortinet Engage Partner Program
5 -
3.6
4 -
FortiScan
4 -
Explicit proxy
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
DLP sensor
4 -
Email filter profile
4 -
Netflow
4 -
Replacement messages
4 -
Web rating
4 -
FortiDB
3 -
FortiHypervisor
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
API
2 -
FortiNDR
2 -
Authentication rule and scheme
2 -
Protocol option
2 -
Schedule
2 -
SDN connector
2 -
Service
2 -
Zone
2 -
Cloud Management Security
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
TACACS
1 -
Multicast policy
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1603 | |
| 1048 | |
| 749 | |
| 443 | |
| 210 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.