IP Pool
Your company has an application server on the internal network that sends regular data updates to an offsite service. To make the service site more secure, the service only accepts connections from a predefined IP address. If the external IP address of the FortiGate firewall interface were used, the service would be accepting sessions from just about any user in the network, so a separate IP address needs to be assigned for the Network Address Translation.
The external address that will be used is one that has been assigned to the company by the ISP on WAN2.
The address is 256.100.42.129 (for example use only; not a valid IP address).
Note: the ARP interface cannot be set in the Web-based Manager, but as this is the only path that the traffic will be coming from the outside, this should not be an issue. The setting has been included in the CLI instructions so that you will know how to set it in a situation where you want the ARP replies to be answered only on a specific interface.
Go to Policy & Objects > Objects > IP Pools.
Fill out the fields with the following information:
IP Pool Type: IPv4 Pool
Name: App_Server1
Comments: Addresses assignment for this server only.
Type: One-to-One
External IP Range: 256.100.42.129
ARP Reply: <enabled>
Select OK.
Enter the following CLI command:
config firewall ippool
edit App_Server1
set comments "Addresses assignment for this server only."
set type one-to-one
set arp-reply enable
set arp-intf wan2
set startip 256.100.42.129
set endip 256.100.42.129
end
To verify that the IP Pool was added correctly:
Go to Policy & Objects > Objects > IP Pools.
Check that the IP Pool has been added to the list of IP Pools and that the listed settings are correct.
Enter the following CLI command:
config firewall ippool
edit <the name of the IP Pool you wish to verify>
show full-configuration
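The verification step can also be scripted. The following Python script is an added example, not part of the original page or a Fortinet tool: it parses saved show full-configuration output and compares the pool against the settings in the CLI instructions above. The function names and the sample output are constructed for illustration; 203.0.113.129 stands in for the page's deliberately invalid address, and the sample shows a pool created in the Web-based Manager, where the ARP interface is left unset.

```python
import ipaddress
import shlex

# Values taken from the page's CLI instructions.
EXPECTED = {"type": "one-to-one", "arp-reply": "enable", "arp-intf": "wan2"}

def parse_ippools(text):
    """Parse 'config firewall ippool' output into {pool_name: {setting: value}}."""
    pools, current = {}, None
    for line in text.splitlines():
        tokens = shlex.split(line)
        if len(tokens) >= 2 and tokens[0] == "edit":
            current = pools.setdefault(tokens[1], {})
        elif len(tokens) >= 3 and tokens[0] == "set" and current is not None:
            current[tokens[1]] = " ".join(tokens[2:])
        elif tokens and tokens[0] in ("next", "end"):
            current = None
    return pools

def audit_pool(name, pool, expected=EXPECTED):
    """Return a list of findings; an empty list means the pool matches the page."""
    findings = [f"{name}: {key} is {pool.get(key)!r}, expected {want!r}"
                for key, want in expected.items() if pool.get(key) != want]
    addrs = []
    for key in ("startip", "endip"):
        try:
            addrs.append(ipaddress.IPv4Address(pool.get(key, "")))
        except ipaddress.AddressValueError:
            findings.append(f"{name}: {key} {pool.get(key)!r} is not a valid IPv4 address")
    if len(addrs) == 2 and addrs[0] != addrs[1]:
        findings.append(f"{name}: range covers more than the single assigned address")
    return findings

# Constructed sample output (203.0.113.0/24 is a documentation range).
SAMPLE = """
config firewall ippool
    edit "App_Server1"
        set type one-to-one
        set startip 203.0.113.129
        set endip 203.0.113.129
        set arp-reply enable
        set arp-intf ''
    next
end
"""

if __name__ == "__main__":
    for name, pool in parse_ippools(SAMPLE).items():
        print(name, audit_pool(name, pool) or "OK")
```

Run against the sample, the script reports that arp-intf is unset; once set arp-intf wan2 has been entered in the CLI, the same check returns no findings.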