Fortinet black logo

Configuring static addressing in FortiProxy

7.2.0
Copy Link
Copy Doc ID 5841f95c-354d-11ed-9d74-fa163e15d75b:227345
Download PDF

Configuring static addressing in FortiProxy

Note

You must following the proper order of actions as documented. Changing interface settings before configuring routing results in loss of communication with the FortiProxy, which you can recover using CLI commands over a serial console.

To configure static addressing in FortiProxy:
  1. Log in to the FortiProxy GUI.

  2. Go to Network > Static Routes.

  3. Configure a route to the first IP address in the subnet with a netmask of 255.255.255.255:

    1. Click Create New.

    2. In the Destination field, enter the required subnet.

    3. For Gateway Address, select Specify and enter 0.0.0.0.

    4. From the Interface dropdown list, select the required interface.

    5. Click OK.

  4. Configure a route to the local subnet CIDR:

    1. Click Create New.

    2. In the Destination field, enter the required subnet.

    3. For Gateway Address, enter the first IP address in the subnet. In this example, it is 10.132.0.1. The FortiProxy GUI displays a warning that the gateway IP address is unreachable through the interface. You can disregard this error, as the first configured route mitigates it.

    4. From the Interface dropdown list, select the desired interface.

    5. Click OK.

  5. If you are configuring the port1 interface, which FortiProxy typically uses for egress traffic to the Internet, metadata service, and the Google API, you must configure a default route using gateway settings:

    1. Click Create New.

    2. In the Destination field, enter 0.0.0.0/0.0.0.0.

    3. For Gateway Address, enter the same IP address configured as the gateway address for the route to the local subnet CIDR. In this example, it is 10.132.0.1.

    4. From the Interface dropdown list, select port1.

    5. Click OK.

  6. Go to Network > Interfaces.

  7. Double-click the required interface.

  8. Under Addressing mode, select Manual. FortiProxy automatically populates the proper IP address with a 255.255.255.255 netmask.

  9. Click OK.

Configuring static addressing in FortiProxy

Note

You must following the proper order of actions as documented. Changing interface settings before configuring routing results in loss of communication with the FortiProxy, which you can recover using CLI commands over a serial console.

To configure static addressing in FortiProxy:
  1. Log in to the FortiProxy GUI.

  2. Go to Network > Static Routes.

  3. Configure a route to the first IP address in the subnet with a netmask of 255.255.255.255:

    1. Click Create New.

    2. In the Destination field, enter the required subnet.

    3. For Gateway Address, select Specify and enter 0.0.0.0.

    4. From the Interface dropdown list, select the required interface.

    5. Click OK.

  4. Configure a route to the local subnet CIDR:

    1. Click Create New.

    2. In the Destination field, enter the required subnet.

    3. For Gateway Address, enter the first IP address in the subnet. In this example, it is 10.132.0.1. The FortiProxy GUI displays a warning that the gateway IP address is unreachable through the interface. You can disregard this error, as the first configured route mitigates it.

    4. From the Interface dropdown list, select the desired interface.

    5. Click OK.

  5. If you are configuring the port1 interface, which FortiProxy typically uses for egress traffic to the Internet, metadata service, and the Google API, you must configure a default route using gateway settings:

    1. Click Create New.

    2. In the Destination field, enter 0.0.0.0/0.0.0.0.

    3. For Gateway Address, enter the same IP address configured as the gateway address for the route to the local subnet CIDR. In this example, it is 10.132.0.1.

    4. From the Interface dropdown list, select port1.

    5. Click OK.

  6. Go to Network > Interfaces.

  7. Double-click the required interface.

  8. Under Addressing mode, select Manual. FortiProxy automatically populates the proper IP address with a 255.255.255.255 netmask.

  9. Click OK.