SD-WAN Can't use Ip pool

Author: Vincent.Lai (New Member, joined 2019/01/28)
Posted: 2019/01/28 00:37:46

SD-WAN Can't use Ip pool

Hello,
 
I have a FortiGate 200E running FortiOS v6.0.4 build0231 (GA).
 
I have two ISPs with SD-WAN, and each ISP has an IP pool.
 
But if an intranet host wants to go out with a specific IP from the IP pool:
 
When I configure the IPv4 Policy like this and use "use dynamic ip pool", the IP can't access the Internet.
 
 

Attached Image(s)

#1


    Philippe Gagne (Bronze Member, Trois-Rivieres, joined 2015/06/25)
    Re: SD-WAN Can't use Ip pool (2019/01/28 17:35:03)
    Hi Vincent,
     
    You have to assign the IP Pool to the interface with these CLI commands:
     
    config firewall ippool
        edit "IPPool name"
            set associated-interface wan1
        next
    end
     
    But you have to force the traffic to the right interface in the SD-WAN rules. In the current version, we can't assign an IP pool on one interface and use an outgoing IP address on the other. A feature request has been filed for this.
     
    If you want to use SD-WAN with IP pools, you have to assign an IP pool on both WAN interfaces, and don't forget to associate each IP pool with the right one! :-)
     
    The issue you currently have is weird: the FortiGate tries to NAT on interface WAN2 with the IP pool of WAN1!
     
    Let me know if it fixes your issue! 
     
    Philippe Gagné, NSE7
    Androide
     
    #2
    fred.q (New Member, joined 2017/09/15)
    Re: SD-WAN Can't use Ip pool (2019/06/09 05:40:23)
    I have a similar problem to yours. Each office room of my company uses a different public IP. When our main ISP is at fault, only the interface IP can switch over; I have to manually change to the backup ISP.
    As far as I know, you have to use the interface IP as the NAT source. Fortinet hasn't resolved this problem. It's boring. 
     
    #3
    rwpatterson (Expert Member, Long Island, New York, USA, joined 2006/08/08)
    Re: SD-WAN Can't use Ip pool (2019/06/10 12:18:23)
    fred.q wrote:
    > I have a similar problem to yours. Each office room of my company uses a different public IP. When our main ISP is at fault, only the interface IP can switch over; I have to manually change to the backup ISP.
    > As far as I know, you have to use the interface IP as the NAT source. Fortinet hasn't resolved this problem. It's boring.

    As far as your issue goes, could you not just create separate IP pools for each room/outgoing policy? If WAN2 is being used (failover?), then the new distinct IP pools on that interface would kick in, no? As long as your ISP is pointing the return traffic to those IP pool addresses, this should work. Remember, the IP pool needs to be addresses routable outside of the FortiGate.
    post edited by rwpatterson - 2019/06/10 12:24:56

    -Bob - self proclaimed posting junkie!
    See my Fortigate related scripts at: http://fortigate.camerabob.com

    -4.3.19-b0694
    FWF60B
    FWF80CM (4)
    FWF81CM (2)
     
    #4
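    As an added example (not code from this thread, from Fortinet, or from any of the posters), the script below turns the two rules in Philippe's reply (a pool must be associated with the interface it is used on, and an SD-WAN policy needs a pool on each WAN member, each associated with the right one) and Bob's suggestion of distinct pools per outgoing interface into a check that runs over a FortiOS-style CLI fragment. The sample config, the pool names and addresses, and the assumption that "virtual-wan-link" has the members wan1 and wan2 are all constructed for the example.

```python
"""Check that every NAT policy has an IP pool bound to each interface it can egress on.

Added example, not from the forum thread or Fortinet. Parses a FortiOS-style
`config firewall ippool` / `config firewall policy` fragment and reports the
mismatch discussed in the thread: a policy leaving via an interface that has
no pool associated with it.
"""
import re
from typing import Dict, List

# Assumption: the SD-WAN link named "virtual-wan-link" has these members.
SDWAN_MEMBERS = {"virtual-wan-link": ["wan1", "wan2"]}

# Constructed sample config; names and addresses are invented.
SAMPLE_CONFIG = """
config firewall ippool
    edit "pool-wan1"
        set type overload
        set startip 198.51.100.10
        set endip 198.51.100.10
        set associated-interface "wan1"
    next
    edit "pool-wan2"
        set type overload
        set startip 203.0.113.10
        set endip 203.0.113.10
    next
end
config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "virtual-wan-link"
        set nat enable
        set ippool enable
        set poolname "pool-wan1"
    next
    edit 2
        set srcintf "internal"
        set dstintf "virtual-wan-link"
        set nat enable
        set ippool enable
        set poolname "pool-wan1" "pool-wan2"
    next
end
"""

Tables = Dict[str, Dict[str, Dict[str, List[str]]]]


def parse_fortios(text: str) -> Tables:
    """Return {table: {entry: {key: [values]}}} for a one-level config/edit/set/next/end fragment."""
    tables: Tables = {}
    table = entry = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("config "):
            table = line[len("config "):]
            tables.setdefault(table, {})
        elif line.startswith("edit "):
            entry = line[len("edit "):].strip('"')
            tables[table][entry] = {}
        elif line.startswith("set "):
            key, _, rest = line[len("set "):].partition(" ")
            # Values are either "quoted strings" or bare tokens.
            tables[table][entry][key] = [v.strip('"') for v in re.findall(r'"[^"]*"|\S+', rest)]
        elif line == "next":
            entry = None
        elif line == "end":
            table = None
    return tables


def check_pool_coverage(tables: Tables, sdwan_members=SDWAN_MEMBERS) -> List[str]:
    """One finding per missing, unbound or wrongly bound pool, in config order."""
    pools = tables.get("firewall ippool", {})
    findings: List[str] = []
    for pid, pol in tables.get("firewall policy", {}).items():
        if pol.get("ippool", ["disable"])[0] != "enable":
            continue
        # Expand an SD-WAN dstintf into its member interfaces.
        egress: List[str] = []
        for intf in pol.get("dstintf", []):
            egress.extend(sdwan_members.get(intf, [intf]))
        covered = set()
        for name in pol.get("poolname", []):
            pool = pools.get(name)
            if pool is None:
                findings.append(f"policy {pid}: pool {name!r} does not exist")
                continue
            assoc = pool.get("associated-interface")
            if not assoc:
                findings.append(f"policy {pid}: pool {name!r} has no associated-interface")
                continue
            if assoc[0] not in egress:
                findings.append(f"policy {pid}: pool {name!r} is bound to {assoc[0]}, not an egress of this policy")
                continue
            covered.add(assoc[0])
        for intf in egress:
            if intf not in covered:
                findings.append(f"policy {pid}: no pool associated with {intf}")
    return findings


if __name__ == "__main__":
    for finding in check_pool_coverage(parse_fortios(SAMPLE_CONFIG)):
        print(finding)
```

    On the sample above, policy 1 only carries the wan1 pool, so wan2 is reported as uncovered; policy 2 names a wan2 pool, but that pool has no `associated-interface`, so it is reported as unbound and wan2 is again uncovered. Adding `set associated-interface "wan2"` to pool-wan2 clears both findings for policy 2, which is the configuration Philippe describes.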
    rwpatterson (Expert Member, Long Island, New York, USA, joined 2006/08/08)
    Re: SD-WAN Can't use Ip pool (2019/06/10 12:23:42)
    Vincent.Lai wrote:
    > Hello,
    >
    > I have a FortiGate 200E running FortiOS v6.0.4 build0231 (GA).
    >
    > I have two ISPs with SD-WAN, and each ISP has an IP pool.
    >
    > But if an intranet host wants to go out with a specific IP from the IP pool:
    >
    > When I configure the IPv4 Policy like this and use "use dynamic ip pool", the IP can't access the Internet.

    I cannot see your whole configuration, but if your IP pool has publicly routable IP addresses, then it should work for you as well, AS LONG AS your ISP is pointing those IP addresses back towards your FortiGate.

     
    #5
    srevol (New Member, joined 2019/02/26)
    Re: SD-WAN Can't use Ip pool (2019/06/24 09:52:45)
    Hello,
    I have exactly the same question, but with the "one-to-one" option of the IP pool.
     
    I have to use this option to be compliant with my SIP provider (it needs to have no PNAT), and I can't configure "set associated-interface" on the IP pool when "set type one-to-one" is set...
     
    Do we have a solution to use 2 public IPs, for one internal server, on 2 ISPs, with the one-to-one option?
     
    Thanks !
    BR
    Stéphane
    #6