Hi
Has anyone ever got this to work?
British Telecom (for example) offer a static IP service which works by assigning a dynamic link address to the PPP endpoint (The firewall in this case) and then the exchange equipment routes the blocks of static IP addresses to this device based on their dynamic link address.
On a cisco device, all you have to do is unnumber one of these static addresses against the dialer interface and you can assign a static to the firewall/appliance.
This never seems to work in FortiOS - the system seems to ignore the unnumbered address, amd I always have to use DDNS to enable the use of SSL VPN etc. Is this expected behaviour ?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I believe what you are looking for is this:
http://www.mylesgray.com/networks/fortigate-unnumbered-ip-against-pppoe-interface/
Basically you have to tell the FGT to not negotiate the unumbered IP with the provider so it forces to the static IP (from your assigned subnet) which you set on the interface:
set pppoe-unnumbered-negotiate disable
I am debugging why Mexico Uninet pppoe does not connect on FGT50E cluster with FortiOS 5.4.1. I found that this command described here is not available there. Although this was included in CLI reference for 5.4. The interface that I try to configure is actually a vlan interface. I still don't know if this is the same issue which is described here or something else... But even if the above command helps certain people, does this continue to be so with FortiOS 5.4?
If you know what your block of static addresses is....you can just configure the VIP's as if you have a normal static address. You don't have to be concerned with the dynamic WAN as the only thing that cares about that is the ISP hardware.
The FortiGate will route it regardless of what the dynamic address on WAN is because it really doesnt care. It just knows that it houses the static block based on the VIP's created.
Mike Pruett
Have you tried disabling pppoe-unnumbered-negotiate?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1660 | |
1077 | |
752 | |
443 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.