vishal1
New Contributor III

secondary ip on fortigate

Hi all,

 

Please find the attached diagram, where the ISP is terminated on a Cisco router and the interconnecting links between the router and the Fortinet are configured with private IP addresses. Furthermore, I will configure a secondary IP [one of the public IPs] on the same Fortinet port that is connected to the Cisco router. Basically, I need to know how I can configure a site-to-site tunnel, explicit proxy and internet-facing rule using that interface.

vishal1
New Contributor III

pfa diagram

diagram.png

funkylicious

Hi,

So basically you would define the public IP as the secondary on the existing interface, create a static route using the public IP of the router and the intf, then in the IPsec config you would select Local Gateway and specify the public IP as the local-gw for which to initiate/accept as peer, and as for the web proxy, https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-multiple-outgoing-IP-for-...

For the in/out firewall rules, it's the same principle as for regular policies, except for the outbound/SNAT rule you would need to create an IP Pool and assign it to the rule and not use the default Use outgoing interface address.

"jack of all trades, master of none"
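The steps in the reply above, sketched as FortiOS CLI. This is an added example, not part of the original thread or of Fortinet's documentation. The interface names ("port1", "internal"), the object names, the pre-shared-key placeholder and all addresses (RFC 5737 documentation ranges) are assumptions; phase 2 and the explicit-proxy settings are left out.

```text
# Assumed: port1 faces the Cisco router, 203.0.113.10 is the public IP
# given to the FortiGate, 203.0.113.9 is the router's public IP.
config system interface
    edit "port1"
        set secondary-IP enable
        config secondaryip
            edit 1
                set ip 203.0.113.10 255.255.255.248
                set allowaccess ping
            next
        end
    next
end
config router static
    edit 0
        set gateway 203.0.113.9
        set device "port1"
    next
end
# Site-to-site tunnel: local-gw pins the tunnel to the secondary public IP.
config vpn ipsec phase1-interface
    edit "s2s-example"
        set interface "port1"
        set local-gw 203.0.113.10
        set remote-gw 198.51.100.20
        set psksecret REPLACE-WITH-PSK
    next
end
# Outbound SNAT: an IP pool instead of "Use outgoing interface address".
config firewall ippool
    edit "pool-public"
        set type overload
        set startip 203.0.113.10
        set endip 203.0.113.10
    next
end
config firewall policy
    edit 0
        set name "lan-to-internet"
        set srcintf "internal"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set ippool enable
        set poolname "pool-public"
    next
end
```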
vishal1
New Contributor III

Hi,

 

What about other outgoing policies not going via explicit proxy? Would it be the same as using an IP pool as source NAT?

vishal1
New Contributor III

please help
