Hi
Has anyone ever got this to work?
British Telecom (for example) offer a static IP service which works by assigning a dynamic link address to the PPP endpoint (The firewall in this case) and then the exchange equipment routes the blocks of static IP addresses to this device based on their dynamic link address.
On a Cisco device, all you have to do is unnumber one of these static addresses against the dialer interface and you can assign a static to the firewall/appliance.
This never seems to work in FortiOS - the system seems to ignore the unnumbered address, and I always have to use DDNS to enable the use of SSL VPN etc. Is this expected behaviour?
If this is PPPoE, then yes, the FortiGate can work with most carriers. During the PPP and during the IPCP portion, it will negotiate the address with the PPP server.
PCNSE
NSE
StrongSwan
Hi
I'm aware of that, I've set it up in this manner many times.
My point is - the unnumbered IP, if set under the WAN interface, is always ignored by the system.
It works on any Cisco device when unnumbered against the dialer interface, but not on the Fortinet.
I want to recreate this: (Vlan 1 has one of the assigned statics)
interface Dialer1
 ip unnumbered vlan1
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname BROADBAND USERNAME
 ppp chap password BROADBAND PASSWORD
 ppp pap sent-username BROADBAND USERNAME password BROADBAND PASSWORD
Not sure what you mean by ignored, but did you remove all policies or other bindings under wan1? PPPoE is straightforward, but if you are reconfiguring from a mode other than PPPoE, then you need to police any dependencies checks.
PCNSE
NSE
StrongSwan
I worked around this by selecting one of the IPs in the subnet as a management IP and creating VIPs from the wan1 interface to another FortiGate interface.
That way I don't care if the dynamic wan1 address changes as the requests are always routed to the management IP.
I'm not sure why BT do it this way. Other ISPs we use either assign a static IP or bridge the subnet on both sides of the router.
Dear Mark
If you have a public static IP address and you configure the FortiGate in PPPoE mode, then your device is accessible from the internet directly.
So you can implement VPN SSL. Why do you need to configure DDNS if the IP address is static?
Well, I know the question is not to me, but that's exactly what I do. Configured dyndns and then I can care less if the ISP gives me a new address.
PCNSE
NSE
StrongSwan
Mark, you mean that in this case your Virtual IP addresses cannot work? Did you check it?
Or maybe you want to use public IP addresses in the local network?
Copyright 2024 Fortinet, Inc. All Rights Reserved.