Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mbebwe
New Contributor

use another public ip on WAN interface

Hi,

 

We have small public IP (/29) network from our provider, but only one public IP is in use, on External (WAN1) interface. We need to use another public ip, so the only way is add it as secondary to same WAN1 interface? 

 

Also if it's true, don't understand, how then to create a policy to allow, for example, doing NAT through new public ip to internal network ? When I create a new policy with Incoming Interface=WAN1 does it matter which public ip will be using ? 

 

FG100F with fw 7.2.3

1 Solution
Yurisk
Valued Contributor

Hi, 

you do NOT need to put this other IP address on the WAN interface as secondary or in any other way. Just use it in appropriate places:

 

  • For Source NAT of outgoing LAN to Internet connections use as Dynamic IP Pool when configuring a rule
  • FOr Destination NAT for incoming from Internet to LAN VIPs, just use this IP in configuring VIP as if it is known to Fortigate already, just make sure not to limit this VIP to a specific interface when creating it, leave the default any.

You do need to use additional IP as secondary on an interface in specific cases - like taking part in dynamic routing protocols, using for DHCP, few more, but not in your case.

Yuri https://yurisk.info/  blog: All things Fortinet, no ads.

View solution in original post

Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
1 REPLY 1
Yurisk
Valued Contributor

Hi, 

you do NOT need to put this other IP address on the WAN interface as secondary or in any other way. Just use it in appropriate places:

 

  • For Source NAT of outgoing LAN to Internet connections use as Dynamic IP Pool when configuring a rule
  • FOr Destination NAT for incoming from Internet to LAN VIPs, just use this IP in configuring VIP as if it is known to Fortigate already, just make sure not to limit this VIP to a specific interface when creating it, leave the default any.

You do need to use additional IP as secondary on an interface in specific cases - like taking part in dynamic routing protocols, using for DHCP, few more, but not in your case.

Yuri https://yurisk.info/  blog: All things Fortinet, no ads.
Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
Top Kudoed Authors