daddo
New Member
February 22, 2018
Question

FortiGate Configuration with ISP Router HELP

Hello everybody, I'm new here and a noobie, and I have difficulties figuring out how to configure my FortiGate. In exact words, how to configure my "wan" and "internal" interfaces. The FortiGate address is 192.168.1.99, my local network is 192.168.64.x and my router is my gateway with the address 192.168.64.1. The ISP IP address is 212.186.186.150 and the computer from which I'm testing has the IP 192.168.1.100. The configuration should be like Internet -- Router -- FortiGate -- local network. Whatever I've tried, I can't get it to work. What should the settings be on the "wan" and "internal" interfaces? I get access to the internet from 192.168.1.100 but I don't have access to it from outside (RDP). Because the traffic from outside comes to the router first, it should pass all the traffic to the FortiGate behind. How should I do that?

Sorry, I know there are a lot of questions but I really need help.

Thank you. 

2 replies

Toshi_Esumi
SuperUser
February 22, 2018

If you're really new and need to configure it right away without enough time to read around the handbook and other materials, the best way is to search for the keywords below with your favorite search engine, which would provide you links to the Fortinet cookbook for various FortiOS versions. Then choose the link for your version. In your case, just disable NAT at the policy creation page since your ISP's router is doing NAT.

The keywords are "fortinet cookbook installing fortigate in nat/route mode"

ede_pfau
SuperUser
February 22, 2018

Cascading routers is never a good idea. Nevertheless it works with some twiddling.

What you could try first is to forward ALL traffic from the ISP router to the FGT, sometimes called "exposed host". In this way the public IP address is handed down to the FGT WAN port which is necessary for FortiGuard updates, VPN etc.

If you cannot configure the ISP router then 192.168.64.0/24 becomes your "transfer network" in which only 2 addresses are used: .1 for the router and .2 for the FGT WAN port. The LAN behind the FGT needs to have a different address range, like 192.168.22.0/24. The FGT can serve as the DNS, DHCP server and NTP server for your LAN.

You will find all of this (the basics) in the FortiOS Handbook, to be found on docs.fortinet.com. I personally don't like the videos from FTNT as 1- they are running like in fast-forward and 2- they don't tell you the why, just the how for this one special case. As no network is identical it's easy to miss the point.
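
Added example, not part of ede_pfau's post or of any poster's configuration: a FortiOS CLI configuration for the transfer-network layout described above, with inbound RDP limited to one source address and logged. The interface names "wan" and "internal" come from the question; the FortiGate LAN address 192.168.22.1, the RDP host 192.168.22.10, the remote address 203.0.113.10, the object names and the policy ID are assumptions, as is the ISP router forwarding inbound traffic to 192.168.64.2.

```fortios
# Added example. Assumed values: interface names "wan"/"internal" (from the question),
# LAN gateway 192.168.22.1, RDP host 192.168.22.10, remote admin 203.0.113.10 (constructed).
# Assumes the ISP router (192.168.64.1) forwards inbound traffic to 192.168.64.2.
config system interface
    edit "wan"
        set mode static
        set ip 192.168.64.2 255.255.255.0
    next
    edit "internal"
        set ip 192.168.22.1 255.255.255.0
    next
end
# Default route points at the ISP router across the transfer network.
config router static
    edit 1
        set gateway 192.168.64.1
        set device "wan"
    next
end
# Only this source address may reach RDP; never leave srcaddr at "all" for 3389.
config firewall address
    edit "remote-admin"
        set subnet 203.0.113.10 255.255.255.255
    next
end
# Port forward: TCP 3389 arriving on the WAN address is mapped to the LAN host.
config firewall vip
    edit "vip-rdp"
        set extintf "wan"
        set extip 192.168.64.2
        set mappedip "192.168.22.10"
        set portforward enable
        set extport 3389
        set mappedport 3389
    next
end
# Inbound policy (ID 2 is arbitrary): the destination is the VIP object, traffic is logged.
config firewall policy
    edit 2
        set srcintf "wan"
        set dstintf "internal"
        set srcaddr "remote-admin"
        set dstaddr "vip-rdp"
        set action accept
        set schedule "always"
        set service "RDP"
        set logtraffic all
    next
end
```

The existing outbound policy is left out here; if the ISP router has no route back to 192.168.22.0/24, that policy needs NAT enabled so replies return via 192.168.64.2.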

rwpatterson
New Member
February 22, 2018

If the handoff from your ISP is RJ-45, chuck their router and put the FGT at the edge.

Just sayin'...

I'm a FiOS consumer. Chucked their Actiontec router before it even left the box.

twayta
New Member
November 7, 2020

Hello, did you find the solution please?