This article describes how to use of /31 subnet mask on FortiGate interface for point-to-point networks especially ISP connections.
Table of Contents
Scope
FortiGate v6.0 and above.
Solution
To preserve IPv4 address space, point-to-point networks can employ a 31-bit subnet mask, as outlined in RFC 3021.
Unlike allocating four IP addresses with a 30-bit subnet mask in IPv4, a 31-bit subnet mask only utilizes two IP addresses: one with all bits set to zero and the other with all bits set to one in the host portion of the IP address.
These two addresses are designated as host addresses and do not necessitate broadcast support. As each transmitted packet from one host is invariably received by the other host, directed broadcast on a point-to-point interface becomes unnecessary.
CLI Reference
config system interface edit "port1" set vdom "root" set ip 37.24.248.2 255.255.255.254 set allowaccess ping https HTTP set type physical set snmp-index 3 next end
No special command is required to assign a /31 IP address to an interface on FortiGate. Other IP addresses can be used as the gateway in static route configuration. In this case, that is 37.24.248.3.
The ARP entry of the gateway can be viewed on the FortiGate by running the command:
get system arp
FortiOS supports RFC 3021.