Skip to main content
GoldFran
GoldFran
New Member
August 11, 2012
Question

How configure any ports fot Fortigate 40c?

  • August 11, 2012
  • 4 replies
  • 8542 views
Hi guys I buy a simple UMT for my small business, Fortigate 40c. I have a problem. I made a miscalculation of the ports. I mean: I use Fortigate 40c for Firewall, SSL VPN and contents filtering. The problem is I have 6 device and 5 switch ports: 5x switch port RJ45 2x wan port RJ45 1x console port RJ45 2x USB port: " A" and " B" (Management) In my business have: - HP Proliant ML110 Server Windows 2008 Fundation --> RJ45 - 2big NAS Lacie --> RJ45 - 5big Network 2 Lacie --> 2xRJ45 (I use only one) - 2x desktop PC --> 2xRJ45 - Brother Office Multifunction --> RJ45 and USB2.0 There are six device but only 5 switch ports... My question is: Can I configure other ports to use with others switch ports? For example: Use second Wlan port to connect any device or USB port (no-management) to connect the printer device? or RJ45 console? Thx

    4 replies

    ede_pfau
    SuperUser
    ede_pfau
    SuperUser
    August 11, 2012
    hi, and welcome to the forums. You can use any port for any purpose. The labels on it are just a suggestion. So you can connect the printer to the " wan2" port but have to give it a different IP address than the rest of your network. If this sounds difficult see below for an easy way. You cannot split and combine ports as a ' switch' with the 40C. You cannot use the Console port for networking - this is a serial port! Do not connect your LAN to it, it could be damaged. The easy way would be to just buy a 5 port switch and connect it to the ' internal' interface. It should be Gigabit ethernet to connect the PCs and the server, or the storage. Cost is about 30 Euros or the like. You' ve save money on the firewall and now put a fraction of that back into a switch. Not a bad deal.
    GoldFran
    GoldFranAuthor
    New Member
    August 11, 2012
    Thx ede_pfau, I think understand you: I use ports interface for any purpose in 40c, but, It´s diferent interfaces, for example, if use 5 ports switch and them I use WAN2 port for printer device... Switch devices and WAN2 devices dont´s see it. My Server dont´s see printer device because It would in other subnet, right? Don´t put switch devices and WAN2 printer device in the same IP Lan I supose... If the best option It´s to buy a small switch to connect in 40c one ethernet port and have 5 switch independence port and 4 switch firewall port... What independence small switch you recommended me?
    ede_pfau
    SuperUser
    ede_pfau
    SuperUser
    August 11, 2012
    OK, you can use the wan2 port just for the printer. Here' s how: 1. say you LAN is 192.168.123.0/24 2. configure wan2 to be 192.168.144.1/24 - - must be different 3. configure your printer to be 192.168.144.2 4. the FGT will do the routing automatically 5. you need at least one policy - from internal/switch, all to wan2, all, allow all services 6. you might have a second policy wan2->internal but usually printers do not talk to the LAN. That' s all. If you want to go with a small switch: I have used netgear (metal box, blue) but I guess any model from D-Link, Allied Telesys, HP, Cisco,... will do. No special requirements.
    GoldFran
    GoldFranAuthor
    New Member
    August 11, 2012
    Ok, understand you. It´s possible to use WAN2 (for example) to printer device with other IP different to switch IP range but not problem because FTG redirect automatice with politices. Printer device not necesary to see Lan, but, It´s best idea buy a switch? Good idea to future devices I supose... About 6-8 small switch port, I´d like good switch and economic 30-60$ more or less
    FortiRack_Eric
    FortiRack_Eric
    New Member
    August 13, 2012
    go for Cisco SMB series 200 / 300, more expensive but hey, you already went for quality buying a Fortinet.
    GoldFran
    GoldFranAuthor
    New Member
    August 13, 2012
    Yeah! but, at the moment, are more expensive...
    GoldFran
    GoldFranAuthor
    New Member
    August 21, 2012
    finally I buy this switch: Cisco Linksys SE2800-EU good price: 45€ + tax
    Jack_Gerbs
    Jack_Gerbs
    New Member
    September 7, 2012
    I am late to the game with my response, but technically you could use the extra DMZ and or WAN2 port and make it part of a soft-swtich which includes the LAN ports. The FGT 40c does support a soft-switch feature. config system switch-interface edit name (example SoftSW) set member Lan, DMZ (the names may be different depending on firmware and model, you can use the tab key to scroll through valid names).. set vdom root next end This is fairly easy if you are familar with FGTs, if not I suggest what other have said, and purchase an inexpensive 5-port switch. Good luck.
    Terms & ConditionsAccessibility statement