System Network Interface
FortiGate Version 3.0 MR4 Administration Guide
01-30004-0203-20070102 85
Traffic logging for an interface
You can enable traffic logging for any interface. See “Traffic log” on page 415 for
more information.
Secondary IP Addresses
An interface can be assigned more than one IP address. You can create and
apply separate firewall policies for each IP address on an interface. You can also
forward traffic and use RIP or OSPF routing with secondary IP addresses.
There can be up to 32 secondary IP addresses per interface. Primary and
secondary IP addresses can share the same ping generator.
The following restrictions must be in place before you are able to assign a
secondary IP address.
• A primary IP address must be assigned to the interface first.
• The interface must use manual addressing mode.
• By default, IP addresses cannot be part of the same subnet. To allow interface
subnet overlap use the CLI command:
config system global
(global)# set allow-interface-subnet-overlap enable
(global)#end
Secondary IP addresses cannot terminate a VPN tunnel.
You can use the CLI command config system interface to add a
secondary IP address to an interface. For more information, see config
secondaryip under system interface in the
FortiGate CLI Reference.
Figure 38: Adding Secondary IP Addresses
Note: If you change the MTU, you need to reboot the FortiGate unit to update the MTU
value of VLAN subinterfaces on the modified interface.
Note: In Transparent mode, if you change the MTU of an interface, you must change the
MTU of all interfaces to match the new MTU.
To Next Page
Loading...
Need help?
General