How to check WAN public IP

ITadm · ‎08-11-2019

Hello,

Is there any way to check my public IP on backup WAN interfaces using only FG cli? I have 2 backup WAN connections behind NAT (so I can see only local IP in settings), if I could only use a command like this:

nslookup myip.opendns.com. resolver1.opendns.com

with ability to choose interface it'd be great. I'd prefer to avoid turning off the main WAN connection and checking it from a host because I have a few locations and they have to be available 24/7. I'm using 60E Firewalls with latest OS.

Thanks in advance!

sw2090 · ‎08-12-2019

hm if you use WLLB/SDWAN you could add some connectivity check that opens some url or pings something to have the ip(s).

--

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

Toshi_Esumi · ‎08-12-2019

There was the same discussion on this forum before. I was looking for it at that time and found it by searching through the forum. This shows all of interfaces though.

# config sys int

# edit ?

The list includes IP addresses pulled via pppoe and dhcp.

Dave_Hall · ‎08-12-2019

Ideally, you would want your WAN devices to be configured in bridge mode, failing that if these WAN devices allow it you may be able to setup port forwarding on them to ports on the fgt.

As Toshi indicated, you can get the IP information for the interfaces - you can also use get sys int, but it provides a bit more info than you may want. But if these are NAT devices then you may If you want the route/gateway info, use: get router info routing-table details

If you want to set up or give these backup WAN devices DDNS host names, see KB #FD41601.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

ITadm · ‎08-12-2019

Thank you for the responses.

Toshi Esumi wrote:
There was the same discussion on this forum before. I was looking for it at that time and found it by searching through the forum. This shows all of interfaces though. # config sys int # edit ? The list includes IP addresses pulled via pppoe and dhcp.

Unfortunately, all of my backup WAN connections are behind NAT, there is a separate small subnet network between fgt and gsm modem :(.

Dave Hall wrote:
Ideally, you would want your WAN devices to be configured in bridge mode, failing that if these WAN devices allow it you may be able to setup port forwarding on them to ports on the fgt.

That's exactly how it works in my case as I use mostly GSM backup so WAN2 port is connected to a gsm modem behind NAT and with port forwarding for site to site VPN and web mgmt access for specific IPs. I have to set up backup vpn tunnels and create some basic ping monitors (from the main location to public IPs). I didn't get any info about the IPs from previous admin and that's why I'm trying to find a creative and non-invasive way to get it :).

sw2090 wrote:
hm if you use WLLB/SDWAN you could add some connectivity check that opens some url or pings something to have the ip(s).

Well, I'm not using SDWAN, only link-monitor with update-cascade-interface & update-static-route.

So, I think that I have two options left:

1. Adding a non-responsive address to ping on main WANs link-monitor to start using backup WAN then connect to a workstation and check it

2. Creating an additional vpn tunnel including this small subnet between fgt and gsm modem so I can access the modem from the main location and check public IP

I choose the second option :)

Thanks for your suggestions!

FNT_Learner · ‎01-01-2024

hello,

please try these commands.

# diagnose sys waninfo
# diagnose sys waninfo ipify

itchubbarabia · ‎04-22-2024

I love this option, I have tried it on my setup and I exeute:

#diagnose sys waninfo ipif wan2
so, it gave me all details about the public IP even it's the backup link behind ISP modem and NAT

imigdad