the best way to connect fortigate to the internet

Forum|Forum|3 years ago
August 6, 2022
1 reply
5285 views

Advice me what's the best way to connect fortigate to the internet of my home ADSL modem passing by cisco router ? i mean i configure dynamic or static NAT? or PAT ? or default static route from my fortigate to the adsl modem and configure default static route from my adsl to the fortigate ?or other methode ?

FortiGate

Toshi_Esumi

SuperUser

A possible best option is to eliminate the cisco router upstream and let the FGT take the internet connection directly from a modem so that the FGT can do VIP/DNAT for out-to-in traffic toward the server in DMZ. Otherwise it's Cisco that needs to do at least out-to-in NAT.

FGT's NAT is unidirectional and in-to-out and out-to-in NAT are independent. It would complicate things if there are two devices doing NAT. So if you left the Cisco in place, you would have to do all NAT at the Cisco.

Toshi

FirasbgAuthor

Explorer II

thanks, @Toshi_Esumi for your response

before I added the router I let the FortiGate access to the internet and i configure a policy to let the lan and DMZ access to the internet also but now i add the router and if I configure NAT in router to permit the network 192.168.2.x/24(network between the router and firewall) I will not configure NAT also in router to the LAN and DMZ networks because i configured them in fortigate right ?

Toshi_Esumi

SuperUser

If you're talking about only in-to-out direction and if you set up SNAT for internal subnets, the Cisco sees only 192.168.2.x on the FGT interface.
But if I were to add a router in front to a FGT, I wouldn't do NAT at all on the FGT. Instead expose those internal subnets to the Cisco so that the Cisco can NAT all of them.

Toshi

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded