Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Mark239
New Contributor

Created on ‎11-10-2014 03:49 AM

Unnumbered IP against WAN interface

Hi

 

Has anyone ever got this to work?

 

British Telecom (for example) offer a static IP service which works by assigning a dynamic link address to the PPP endpoint (The firewall in this case) and then the exchange equipment routes the blocks of static IP addresses to this device based on their dynamic link address.

 

On a cisco device, all you have to do is unnumber one of these static addresses against the dialer interface and you can assign a static to the firewall/appliance. 

 

This never seems to work in FortiOS - the system seems to ignore the unnumbered address, amd I always have to use DDNS to enable the use of SSL VPN etc. Is this expected behaviour ?

FCNSA FCNSP
FCNSA FCNSP
37767
0 Kudos
13 REPLIES 13
JJ1
New Contributor
In response to norouzi

Created on ‎02-02-2016 01:24 AM

I believe what you are looking for is this:

 

http://www.mylesgray.com/networks/fortigate-unnumbered-ip-against-pppoe-interface/

 

Basically you have to tell the FGT to not negotiate the unumbered IP with the provider so it forces to the static IP (from your assigned subnet) which you set on the interface:

set pppoe-unnumbered-negotiate disable

2721
0 Kudos
echo
Contributor II
In response to JJ1

Created on ‎08-12-2016 05:54 AM

I am debugging why Mexico Uninet pppoe does not connect on FGT50E cluster with FortiOS 5.4.1. I found that this command described here is not available there. Although this was included in CLI reference for 5.4. The interface that I try to configure is actually a vlan interface. I still don't know if this is the same issue which is described here or something else... But even if the above command helps certain people, does this continue to be so with FortiOS 5.4?

2721
0 Kudos
MikePruett
Valued Contributor
In response to echo

Created on ‎08-14-2016 02:09 PM

If you know what your block of static addresses is....you can just configure the VIP's as if you have a normal static address. You don't have to be concerned with the dynamic WAN as the only thing that cares about that is the ISP hardware.

 

The FortiGate will route it regardless of what the dynamic address on WAN is because it really doesnt care. It just knows that it houses the static block based on the VIP's created.

 

 

 

Mike Pruett

Fortinet GURU | Fortinet Training Videos

Mike Pruett Fortinet GURU | Fortinet Training Videos
2721
0 Kudos
natshawnz
New Contributor

Created on ‎01-21-2023 05:53 PM

Have you tried disabling pppoe-unnumbered-negotiate?

1826
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.