Hot!How to check WAN public IP

Author
ITadm
Bronze Member
  • Total Posts : 28
  • Scores: 4
  • Reward points: 0
  • Joined: 2018/08/28 08:37:03
  • Status: offline
2019/08/11 23:29:41 (permalink)
0

How to check WAN public IP

Hello, 
 Is there any way to check my public IP on backup WAN interfaces using only FG cli? I have 2 backup WAN connections behind NAT (so I can see only local IP in settings), if I could only use a command like this: 
 
nslookup myip.opendns.com. resolver1.opendns.com
 
with ability to choose interface it'd be great. I'd prefer to avoid turning off the main WAN connection and checking it from a host because I have a few locations and they have to be available 24/7. I'm using 60E Firewalls with latest OS.
 
Thanks in advance! 
post edited by ITadm - 2019/08/11 23:31:15
#1

4 Replies Related Threads

    sw2090
    Gold Member
    • Total Posts : 470
    • Scores: 23
    • Reward points: 0
    • Joined: 2017/06/14 01:27:25
    • Location: Regensburg
    • Status: offline
    Re: How to check WAN public IP 2019/08/12 06:30:15 (permalink)
    0
    hm if you use WLLB/SDWAN you could add some connectivity check that opens some url or pings something to have the ip(s).
    #2
    Toshi Esumi
    Expert Member
    • Total Posts : 1752
    • Scores: 143
    • Reward points: 0
    • Joined: 2014/11/06 09:56:42
    • Status: offline
    Re: How to check WAN public IP 2019/08/12 08:59:43 (permalink)
    0
    There was the same discussion on this forum before. I was looking for it at that time and found it by searching through the forum. This shows all of interfaces though.
    # config sys int
    # edit ?
    The list includes IP addresses pulled via pppoe and dhcp.
     
    #3
    Dave Hall
    Expert Member
    • Total Posts : 1534
    • Scores: 167
    • Reward points: 0
    • Joined: 2012/05/11 07:55:58
    • Location: Canada
    • Status: online
    Re: How to check WAN public IP 2019/08/12 11:19:15 (permalink)
    0
    Ideally, you would want your WAN devices to be configured in bridge mode, failing that if these WAN devices allow it you may be able to setup port forwarding on them to ports on the fgt. 
     
    As Toshi indicated, you can get the IP information for the interfaces - you can also use get sys int, but it provides a bit more info than you may want.  But if these are NAT devices then you may If you want the route/gateway info, use: get router info routing-table details
     
    If you want to set up or give these backup WAN devices DDNS host names, see KB #FD41601
     
     

    NSE4/FMG-VM64/FortiAnalyzer-VM/5.4/6.0 (FWF40C/FW92D/FGT200D/FGT101E)/ FAP220B/221C
    #4
    ITadm
    Bronze Member
    • Total Posts : 28
    • Scores: 4
    • Reward points: 0
    • Joined: 2018/08/28 08:37:03
    • Status: offline
    Re: How to check WAN public IP 2019/08/12 14:59:45 (permalink)
    0
    Thank you for the responses.
    Toshi EsumiThere was the same discussion on this forum before. I was looking for it at that time and found it by searching through the forum. This shows all of interfaces though.
    # config sys int
    # edit ?
    The list includes IP addresses pulled via pppoe and dhcp.

    Unfortunately, all of my backup WAN connections are behind NAT, there is a separate small subnet network between fgt and gsm modem :(.
     
    Dave Hall
    Ideally, you would want your WAN devices to be configured in bridge mode, failing that if these WAN devices allow it you may be able to setup port forwarding on them to ports on the fgt. 

    That's exactly how it works in my case as I use mostly GSM backup so WAN2 port is connected to a gsm modem behind NAT and with port forwarding for site to site VPN and web mgmt access for specific IPs. I have to set up backup vpn tunnels and create some basic ping monitors (from the main location to public IPs). I didn't get any info about the IPs from previous admin and that's why I'm trying to find a creative and non-invasive way to get it :).
     
    sw2090hm if you use WLLB/SDWAN you could add some connectivity check that opens some url or pings something to have the ip(s).

    Well, I'm not using SDWAN, only link-monitor with update-cascade-interface & update-static-route.
     
    So, I think that I have two options left:
    1. Adding a non-responsive address to ping on main WANs link-monitor to start using backup WAN then connect to a workstation and check it
    2. Creating an additional vpn tunnel including this small subnet between fgt and gsm modem so I can access the modem from the main location and check public IP
     
    I choose the second option :)
     
    Thanks for your suggestions!
    #5
    Jump to:
    © 2019 APG vNext Commercial Version 5.5