Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

VIPs not working over pppoe connection

Hi ladies and gents


I've got a Fortigate 90D (5.4 Build 1011 in interface mode and doing NAT) with two wan connections. One is fibre (wan1) with a small range of public IPs and the other is an ADSL/pppoe backup connection (wan2). I've setup failover between the two wan ports and it works great. Wan2 is configured as a pppoe port with the ADSL router in bridge mode.


On the primary interface (wan1) I have a few public IPs that I forward to various internal servers via VIPs and port forwarding. I want to have a similar setup for when the link fails to the adsl connection (which has one dynamic IP). 


So I created new VIPs that reference wan2 and I use the public IP that is currently assigned by the service provider.

(no place for a FQDN it seems so it will break once the IP changes but I'll worry about that later).


None of the VIPs work even though I've created a new VIP and assigned a policy to it and the wan2 interface.

I'm new to Fortigate so I would not be surprised if I missed something obvious, has anyone managed to get

VIPs working over a pppoe connection. Any advice on where to look etc.


Your help is greatly appreciated.



New Contributor



Thanks for the response. 

Minutes after posting this thread I had a light bulb moment and found my mistake. It now works.


My mistake was configuring the external IP on the VIP config. The VIP is already bound to

wan2 but for some sleepy reason I was thinking I needed to put my dynamic public IP in here. But

what that actually does is limit the VIP to only forward traffic received from that IP (which in theory would

never happen). At least that is what made sense to me. :)



set uuid 4xxxxxxx-2xxx-5xxx-2xxx-1xxxxxxxxxxx set comment "Exchange access via backup link" set extip 169.x.x.x   <------------------------- this should be  set extintf "wan2" set portforward enable set mappedip "10.x.x.x" set extport 443 set mappedport 443 next