Configuring IP Pools


An IP pool is essentially one in which the IP address that is assigned to the sending computer is not known until the session is created, so at the very least it has to be a pool of 2 potential addresses. A quick example would be an IP pool for users of a VPN. IP pools are based upon the version of IP determined by the interface that they are associated with, so there are two types of IP pools that can be configured:

  • IPv4 Pool
  • IPv6 Pool

 

Because the configuration differs between the two types of pools, the instructions for configuring them are given separately.

 

Creating an IPv4 Pool

1. Go to Policy & Objects > IP Pools.

2. Select Create New.

3. In the IP Pool Type field, choose IPv4 Pool.

4. Enter a name in the Name field for the new IP pool.

5. Include any description you would like in the Comments field.

6. In the Type field choose between:

  • Overload
  • One-to-one
  • Fixed Port Range
  • Port Block Allocation

 

At this point the configurations can start to differ based on the type of pool.

For more information on the different types of IP pools, check IP Pools in the Concepts section.

 

Overload

7. For the External IP Range fields, enter the lowest and highest addresses in the range. If you only want a single address used, enter the same address in both fields.

8. Enable the ARP Reply field by making sure there is a check in the box.

9. Select OK.

 

Overload Example for GUI

In this example, the Sales team needs to connect to an Application Service Provider (ASP) that does the accounting for the company. As a security measure, the ASP only accepts traffic from a white list of IP addresses. The company has 1 public IP address on that list. The Sales team consists of 40 people, so they need to share. The external interface is wan1.

Field               Value
IP Pool Type        IPv4 Pool
Name                Sales_Team
Comments            For the Sales team to use to connect to the Accounting ASP
Type                Overload (This is the default)
External IP Range   10.23.56.20 – 10.23.56.20
ARP Reply           enabled

 

Overload Example for CLI

config firewall ippool
    edit Sales_Team
        set comments "For the Sales team to use to connect to the Accounting ASP"
        set type overload
        set startip 10.23.56.20
        set endip 10.23.56.20
        set arp-reply enable
        set arp-intf wan1
end

 

One-to-one

7. For the External IP Range fields, enter the lowest and highest addresses in the range. If you only want a single address used, enter the same address in both fields.

8. Enable the ARP Reply field by making sure there is a check in the box.

9. Select OK.

 

 

One-to-one Example for GUI

In this example, the external IP address of the mail server is part of a range assigned to the company but not the one that is assigned to the Internet-facing interface. A VIP has been set up, but in order to properly resolve Reverse DNS lookups the mail server always has to use a specific IP address. The external interface is wan1.

Field               Value
IP Pool Type        IPv4 Pool
Name                Mail-Server
Comments            So the correct IP address is resolved on Reverse DNS lookups of the mail server.
Type                One-to-one
External IP Range   10.23.56.21 – 10.23.56.21
ARP Reply           enabled
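
An added example (not part of the original page or of Fortinet's documentation): a short Python audit that parses config firewall ippool blocks written in the form of the Overload CLI example, counts the addresses in each External IP Range, and flags a range entered with the higher address first or ARP Reply enabled without an arp-intf. The sample configuration is constructed, its Mail-Server pool is deliberately faulty, and treating a missing arp-intf as a finding is this example's own assumption.

```python
import ipaddress
import shlex

# Constructed sample: page's Sales_Team pool plus a faulty hypothetical Mail-Server pool.
SAMPLE = '''
config firewall ippool
    edit "Sales_Team"
        set type overload
        set startip 10.23.56.20
        set endip 10.23.56.20
        set arp-reply enable
        set arp-intf wan1
    next
    edit "Mail-Server"
        set type one-to-one
        set startip 10.23.56.22
        set endip 10.23.56.21
        set arp-reply enable
    next
end
'''

def parse_ippools(text):
    """Return {pool name: {setting: value}} from 'config firewall ippool'."""
    pools, current, inside = {}, None, False
    for line in text.splitlines():
        tok = shlex.split(line)  # copes with quoted names and comments
        if tok[:3] == ["config", "firewall", "ippool"]:
            inside = True
        elif not inside or not tok:
            continue
        elif tok[0] == "edit" and len(tok) > 1:
            current = pools.setdefault(tok[1], {})
        elif tok[0] == "set" and current is not None and len(tok) > 2:
            current[tok[1]] = " ".join(tok[2:])
        elif tok[0] in ("next", "end"):
            current, inside = None, tok[0] == "next"
    return pools

def audit_pool(cfg):
    """Return (address count, findings) for one parsed pool."""
    start = ipaddress.IPv4Address(cfg["startip"])
    end = ipaddress.IPv4Address(cfg["endip"])
    count, findings = int(end) - int(start) + 1, []
    if count < 1:
        findings.append("startip is higher than endip")
    # Assumption: arp-reply counts as enabled when the line is absent.
    if cfg.get("arp-reply", "enable") == "enable" and "arp-intf" not in cfg:
        findings.append("arp-reply enabled without arp-intf")
    return count, findings
```

Run against the sample, the Sales_Team pool reports one address and no findings, while the faulty Mail-Server pool reports both findings.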



One thought on “Configuring IP Pools”

  1. Cj

    what’s the definition of user in “block per user”?
    an IP address of a user or the username?
    how does fgt differentiate the user?
    Thanks,
