Here's a Fortinet link to enable overlapping IP addresses in a FortiGate VDOM. I've subnetted a public IP address range and allocated a /31 subnet for the point-to-point WAN link to an ISP. I wasn't able to configure the /31 public IP address since its subnet overlapped with another interface.
FGT (interface) # edit "npu0_vlink0.10"
new entry 'npu0_vlink0.10' added
FGT (npu0_vlink0.10) # set vdom "isp"
FGT (npu0_vlink0.10) # set ip 46.40.14.8 255.255.255.254
Subnets overlap between 'npu0_vlink0.10' with
primary IP of 'po1.10'
node_check_object fail! for ip 46.40.14.8 255.255.255.254
value parse error before '255.255.255.254'
Command fail. Return code -54
I had to configure the set allow-subnet-overlap enable command under the VDOM setting, and I was able to apply the /31 public WAN IP address afterwards.
FGT # config vdom
FGT(vdom) # edit isp
current vf=isp:4
FGT(isp) # config system setting
FGT(settings) # set allow
allow-linkdown-path Enable/disable link down path.
allow-subnet-overlap Enable/disable allowing interface subnets to use overlapping IP addresses.
FGT(settings) # set allow-subnet-overlap
enable Enable overlapping subnets.
disable Disable overlapping subnets.
FGT(settings) # set allow-subnet-overlap enable
FGT(settings) # end
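An added example, not from the original post or from Fortinet: a Python check that lists which interface pairs actually overlap, useful for reviewing a configuration before allow-subnet-overlap is enabled. The config excerpt is constructed; only the 46.40.14.8/31 address comes from the post, while the po1.10 and mgmt addresses, the "root" default VDOM and the same-VDOM comparison are assumptions.

```python
import ipaddress
import re
from itertools import combinations

# Constructed excerpt in FortiOS interface-config style. Only 46.40.14.8/31
# is from the post; the po1.10 and mgmt addresses are assumed sample values.
SAMPLE_CONFIG = """
config system interface
    edit "po1.10"
        set vdom "isp"
        set ip 46.40.14.1 255.255.255.240
    next
    edit "npu0_vlink0.10"
        set vdom "isp"
        set ip 46.40.14.8 255.255.255.254
    next
    edit "mgmt"
        set vdom "root"
        set ip 192.0.2.1 255.255.255.0
    next
end
"""

def parse_interfaces(text):
    """Return one dict (name, vdom, net) per interface that has an address."""
    ifaces, cur = [], None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r'edit "?([^"]+)"?', line):
            # "root" as the default VDOM is an assumption of this example
            cur = {"name": m[1], "vdom": "root", "net": None}
        elif cur is None:
            continue
        elif m := re.fullmatch(r'set vdom "?([^"]+)"?', line):
            cur["vdom"] = m[1]
        elif (m := re.fullmatch(r"set ip (\S+) (\S+)", line)) and m[1] != "0.0.0.0":
            # strict=False turns host address + mask into the containing network
            cur["net"] = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
        elif line == "next":
            if cur["net"] is not None:
                ifaces.append(cur)
            cur = None
    return ifaces

def find_overlaps(ifaces):
    """Return (vdom, name_a, name_b) for overlapping subnets in the same VDOM."""
    return [(a["vdom"], a["name"], b["name"])
            for a, b in combinations(ifaces, 2)
            if a["vdom"] == b["vdom"] and a["net"].overlaps(b["net"])]
```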