Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
CourtKPrin
New Contributor II

Route Scopes clarification

In the installation instructions for creating Layer 3 route scope interface eth1, it says to "Use a different IP for each route scope type you configure".  Does that mean Isolation, Registration, Remediation interface addresses should have different IPs, but be in the same subnet? 192.168.10.23 /24, 192.168.10.24 /24, 192.168.10.25 /24

 

In the same section of the instructions, Figure 11 shows Interface IPv4 address: 192.168.10.23 mask:255.255.255.0 and optional gateway 172.16.39.1.  Shouldn't the gateway be in the same subnet as the interface?  I don't understand how this optional gateway is involved.

 

2 REPLIES 2
CourtKPrin
New Contributor II

I now think each Isolation Network has a different IP, but is in the same subnet, because, "eth1 is connected to a single VLAN."  For example:

Remediation interface IP is 192.168.10.23 with subnetmask 255.255.255.0

Registration interface IP is 192.168.10.24 with subnetmask 255.255.255.0

DeadEnd interface IP is 192.168.10.25 with subnetmask 255.255.255.0

 

Is that correct?

 

I still don't know what goes in the optional gateway field for each Isolation Network.  If eth1 on the FortiNAC is connected to eth1 on the router and it has an IP of 192.168.10.254, would that IP be used in the optional gateway field for each Isolation Network?  Or, leave it blank?

CourtKPrin

I got a reply from support about Figure 11 in the setup instructions and they will be correcting them.  For the gateway, it will use the interface's subnet, i.e. 192.168.10.1

Labels
Top Kudoed Authors