Bridge-mode (one static IP) WAN link

Bridge-mode (one static IP) WAN link

Configuration of a one-static-IP bridge-mode WAN link starts from selecting and enabling the WAN link on Web UI (see Start to configure a WAN link in Configuring your WAN and DMZ), and select Bridge Mode: One Static IP from the WAN Type drop-down menu in Basic Setting panel. After that, you start configuring the following settings:

IPv4-based bridge-mode WAN link l Only Basic setting is necessary.

  • IPv4 basic subnets and IPv4 static routing subnets are not supported here. IPv4/IPv6 Dual-stack bridge-mode WAN link l Only Basic setting is necessary.
  • IPv4 basic subnets and IPv4 static routing subnets are not supported here; IPv6 basic subnets and IPv6 static routing subnets are optional.

Different from routing mode, configuration of static routing is contained in Basic Setting for a bridge-mode WAN link.

Basic Setting

Besides the WAN Type, the rest setting fields of Basic Setting of a one-static-IP bridge-mode WAN link are as followings:

WAN Port A FortiWAN’s network port used to connect the WAN link with the FortiWAN (you need to physically install the network cable to this port for the WAN link). All the physical and VLAN ports that are mapped to WAN (see Aggregated, Redundant, VLAN Ports and Port Mapping) are listed here for your options. The WAN link field is unrelated to the WAN port. For example, you can install WAN link 1 to WAN Port3, or WAN link 3 to WAN Port 1. (See WAN link and WAN port).
Up/Down Stream The WAN link’s transfer speed at which you can download/upload data from/to the

Internet. Please input the value in Kbps, e.g. 10240Kbps/640Kbps. FortiWAN Bandwidth Management’s default inbound and outbound classes use the two values actively to limit the download and upload rates on the WAN link (see Bandwidth Management).

Up/Down Stream Threshold Specify upstream/downstream (Kbps) threshold to the WAN link. WAN links with traffic exceeding the thresholds will be considered as failed.

FortiWAN’s Auto Routing and Multihoming will ignore the WAN links failed by exceeding traffic while distributing traffic over WAN links, if the Threshold function is enabled in their load-balancing policies (See Outbound Load Balancing and Failover (Auto Routing) and Inbound Load Balancing and Failover (Multihoming)).

Leave it blank or zero if you do not apply threshold to the WAN link.

MTU (Maximum Transmission unit) refers to the size of the largest packet or frame that a given layer of a communications protocol can pass onwards on the WAN port. It allows dividing the packet into pieces, each small enough to pass over a single link. It is set to 1500 by default.
IPv4 Localhost IP The IPv4 address that ISP provides (See “Scenarios to deploy subnets”). IP addresses specified here can be used for NAT to transfer the source IP address of packets to, and will be used to generate the NAT default rules of the WAN link (See “NAT”).
IPv4 Netmask The IPv4 netmask that ISP provides.
IPv4 Gateway The IPv4 address of the default gateway.
IPv6 Localhost IP The IPv6 address that ISP provides (See “Scenarios to deploy subnets”). IP addresses specified here can be used for NAT to transfer the source IP address of packets to, and will be used to generate the NAT default rules of the WAN link. For FortiWAN V4.0.x, system does not generate NAT default rules for IPv6 WAN links, setting NAT rules manually is required (See “NAT”).
IPv6 Prefix The IPv6 prefix that ISP provides.
IPv6 Gateway The IPv6 address of the default gateway.

[Bridge Mode: One Static IP] is used when ISP gives one static IPv4 address to a user. Usually, the IPv4 address a user obtained is one IP address of a C class IPv4 network; it is indicated by the netmask 255.255.255.0. The default gateway that ISP assigned is located at ISP’s network, while the ATU-R works in bridge mode.

FortiWAN’s Bridge Mode: One Static IP is suggested to apply for this case. IPv6/IPv4 dual static is supported for

FortiWAN’s Bridge Mode: One Static IP. In the dual static similar as previous case, ISP might provide you a WAN IPv6 subnet and a LAN IPv6 subnet. You can deploy the LAN IPv6 subnet as a basic subnet in DMZ. Although the deployment is under FortiWAN’s Bridge Mode, FortiWAN routes packets between WAN and DMZ for the IPv6 subnets. Basic subnets are not supported for IPv4 network deployed in Bridge Mode. The following topology is widely seen where a user gets one static IP from ISP.

See also
  • WAN link and WAN port
  • VLAN and port mapping
  • Configurations for VLAN and Port Mapping
  • Outbound Load Balancing and Failover (Auto Routing)
  • Inbound Load Balancing and Failover (Multihoming)
  • Scenarios to deploy subnets l IPv6/IPv4 Dual Stack
This entry was posted in Administration Guides, FortiWAN on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.