Assign multiple IP pools and subnets using IPAM Rules 7.2.1
Multiple IP pools can be assigned to different interfaces based on name and role using the IPAM Rules tab on the Network > IPAM page. This allows more flexibility when enabling network segmentation.
IPAM pools and rules can be defined on a FortiGate that is not in a Security Fabric, or on the root FortiGate of a Security Fabric.
IPAM pools can be defined using the config pools command:

    config system ipam
        config pools
            edit <pool_name>
                set subnet <IP address/netmask>
            next
        end
    end
IPAM rules can be defined using the config rules command:

    config system ipam
        config rules
            edit <rule_name>
                set device {<FortiGate_serial_number> | *}
                set interface {<name> | *}
                set pool <pool_name>
            next
        end
    end
A DHCP server can also be configured for IPAM-enabled interfaces using the following command.
# execute ipam create-dhcp-server <interface>
To configure IPAM rules in the GUI:
- Enable IPAM status. See Add new IPAM GUI page 7.2.1 for more information.
- Configure the subnet:
    - Go to Network > IPAM > IPAM Settings.
    - Select the + in the Subnets Managed by IPAM section. A new Subnets field is displayed.
    - Enter the IP address and netmask.
    - Click OK.
- Go to Network > IPAM > IPAM Rules. The role-lan and Implicit Rule rules have been configured by default.
  Implicit Rule cannot be modified or deleted. role-lan appears only after factory reset of the FortiGate and can be modified and deleted.
- Click Create new. The New IPAM Rule page is displayed.
- Enter the rule details, as necessary.
- Click OK. The rule will be configured and appear in the IPAM Rules tab.
To configure IPAM rules in the CLI:
    config system ipam
        set status enable
        config pools
            edit "default-pool"
                set subnet 172.31.0.0 255.255.0.0
            next
            edit "lan-pool"
                set subnet 192.168.0.0 255.255.0.0
            next
        end
        config rules
            edit "test-rule"
                set device "*"
                set interface "port4"
                set role lan
                set pool "lan-pool"
                set dhcp enable
            next
        end
    end
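
A pre-deployment check for a config system ipam block like the one above, added here as an example and not part of the Fortinet documentation: it parses the pools and rules and reports rules whose pool name is not defined and pools whose subnets overlap. Treating overlapping pools as a finding is an assumption of this example (it undermines segmentation planning), and lab-pool, typo-rule, parse_ipam and audit are hypothetical names.

```python
import ipaddress
import itertools
import shlex
# Constructed input: "lan-pool" and "test-rule" follow the page; the rest is made up.
SAMPLE = """
config system ipam
    config pools
        edit "lan-pool"
            set subnet 192.168.0.0 255.255.0.0
        next
        edit "lab-pool"
            set subnet 192.168.10.0 255.255.255.0
        next
    end
    config rules
        edit "test-rule"
            set interface "port4"
            set pool "lan-pool"
        next
        edit "typo-rule"
            set interface "port5"
            set pool "lan-pol"
        next
    end
end
"""

def parse_ipam(text):
    """Return {"pools": {name: {key: [values]}}, "rules": {...}} for one ipam block."""
    cfg, section, entry = {"pools": {}, "rules": {}}, None, None
    for tok in map(shlex.split, text.splitlines()):
        if tok[:1] in (["config"], ["end"]):
            section = tok[-1] if tok[-1] in cfg else None
        elif tok[:1] == ["edit"] and len(tok) == 2 and section:
            entry = cfg[section].setdefault(tok[1], {})
        elif tok[:1] == ["set"] and len(tok) > 2 and section:
            entry[tok[1]] = tok[2:]
    return cfg

def audit(text):
    """List rules that name an undefined pool, and pool pairs whose subnets overlap."""
    cfg = parse_ipam(text)
    nets = {n: ipaddress.ip_network("/".join(p["subnet"]), strict=False)
            for n, p in sorted(cfg["pools"].items())}
    found = [f"rule {r}: undefined pool {pool}" for r, s in cfg["rules"].items()
             if (pool := " ".join(s.get("pool", []))) not in nets]
    found += [f"pools {a} and {b} overlap" for a, b in itertools.combinations(nets, 2)
              if nets[a].overlaps(nets[b])]
    return found
```

Calling audit(SAMPLE) returns one finding for typo-rule and one for the lab-pool/lan-pool overlap; the page's own CLI example produces no findings.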