Using public IP addresses in source IP anchoring policies
|
For source IP anchoring, you must purchase another Dedicated Public IP add-on license with four additional dedicated IP addresses beyond the initial number of dedicated IP addresses per PoP. The additional four dedicated IP addresses can be allocated as desired for source IP anchoring rules such as all in a single PoP, one per PoP, or any combination in between. |
Customers can assign specific users or traffic from specific countries to use a specific public IP address using source IP anchoring policies. On the security point of presence (PoP) or the FortiGate that implements the security PoP functionality, a source IP anchoring policy consists of a policy route and associated firewall policy configuration. With this configuration, the FortiGate routes traffic based on matching criteria for source traffic (specific users/groups or specific countries) and applies a source NAT using a specific public IP address from within the customer’s allocated block of IP addresses.