Name: Fortinet FortiGate Series
Brand: Fortinet
Rating: 4 (1 reviews)

To Next Page

To Previous Page

Configuring interfaces System Network

FortiGate Version 4.0 MR1 Administration Guide

196 01-410-89802-20090903

http://docs.fortinet.com/ • Feedback

See also

Secondary IP Addresses

An interface can be assigned more than one IP address. You can create and apply

separate firewall policies for each IP address on an interface. You can also forward traffic

and use RIP or OSPF routing with secondary IP addresses.

There can be up to 32 secondary IP addresses per interface including primary, secondary,

and any other IP addresses assigned to the interface. Primary and secondary IP

addresses can share the same ping generator.

The following restrictions must be in place before you are able to assign a secondary IP

address:

• A primary IP address must be assigned to the interface.

• The interface must use manual addressing mode.

• By default, IP addresses cannot be part of the same subnet. To allow interface subnet

overlap use the CLI command:

config system global

set allow-interface-subnet-overlap enable

end

You can use the CLI command

config system interface to add a secondary IP

address to an interface. For more information, see

config secondaryip under

system interface in the FortiGate CLI Reference.

Figure 81: Adding Secondary IP Addresses

Note: In Transparent mode, if you change the MTU of an interface, you must change the

MTU of all interfaces on the FortiGate unit to match the new MTU.

IP/Netmask Enter the IP address/subnet mask in the IP/Netmask field.

The Secondary IP address must be on a different subnet than the Primary IP

address.

This field is only available in Manual addressing mode.

Ping Server To enable dead gateway detection, enter the IP address of the next hop

router on the network connected to the interface and select Enable.

Multiple addresses can share the same ping server.

Administrative

Access

Select the types of administrative access permitted on the secondary IP.

These can be different from the primary address.

HTTPS Allow secure HTTPS connections to the web-based manager through this

secondary IP.

PING Allow secondary IP to respond to pings. Use this setting to verify your

installation and for testing.

Brand	Fortinet
Model	FortiGate Series
Category	Firewall
Language	English

Fortinet FortiGate Series Administration Guide

Table of Contents

Other manuals for Fortinet FortiGate Series

Questions and Answers:

Fortinet FortiGate Series Specifications

Related product manuals