Hi All,
my first post here, so sorry for my level !! (and for my English, as I'm French). I have a little pb with my Internet provider TV player. I'm a customer of the French provider Free. It's a cheap and good Internet provider. My subscription is on Fiber, and the model is Freebox Revolution. So I have 2 parts : a router (the freebox server) and a tv Player (Freebox Player). In normal use, the Freebox Server (FS) is acting as a router with services (telephone, tv recording, multiplayer) but you need to connect the Freebox Player (FP) directly on one of the 4 Lan ports of the FS. That works as a charm. But for parental control (!) I wanted to connect it through my FortiWifi 60E. Before doing this I had to put my FS in Bridge Mode. So the FS is connected on my Forti on Wan1, with my public static Internet V4 Add. Regarding internet services, for my pc's that's ok. (but not really for my smart tv (for netflix) but it's not the pb for the moment). In fact, the FP communicates with the FS via VLAN 100 taggued packets (and also via untaggued vlan for some services). So I tried to configure VLan but I must make a mistake somewhere. I wanted to dedicace the Port 7 for my player (by the way my FP is connected on a GS108 Netgear little 8 ports switch, but it should handle Vlan because it has also been connected to my Freebox Server through it earlier), to have a secured and controlled link for this player without putting security leak on my 'internal' common switch (port 1-6). And most important thing : to make it works !!! (I had formely a Netgear UTM20 FW and I never achieved to connect it correctly lol But I've seen many tutos working but none where for Fortigate. For asus router with DD-RWT they say to do that : echo "0t 4t" > /proc/switch/eth0/vlan/100/ports), and
for open wrt :
config 'interface' 'lan'
option 'ifname' 'eth0.1'
option 'type' 'bridge'
option 'proto' 'static'
... ...
config 'switch_vlan'
option 'device' 'rtl8366s'
option 'vlan' '100'
option 'ports' '0t 5t'
...
config 'interface' 'fbx'
option 'proto' 'none'
option 'send_rs' '0'
option 'stp' '1'
option 'type' 'bridge'
option 'ifname' 'eth0.100 eth1.100'
if that could help). I understand the idea but i don't know how to implement it on my Forti :'(
Do anyone here has already configured a Freebox behind a Fortigate ? or any one have an idea to configure it please ? That's a lot :) See Ya Brian
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
never configured a freebox.
However FortiOS treats vlans as virtual interfaces. Those are chained to a physical interface.
So if your FS is connected to wan1 you could create a vlan interface on wan1 that has vid 100.
The you will need some policy t allow the traffic you want t go there.
Then all trafic that goes through that vlan interface will leave wan1 and go to the FS tagged with vid 100 and all packets that go to wan1 directly will go to the FS untouched.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Hi @sw2090 Thanks for your answer. That's about what I tried to do but it doesn't work. The Freebox Player is seeking for his add via DHCP (I enabled the option in his menu to say : when the Freebox Server is in Bridge mode anyway ask your add via DHCP). I Tried to put the sniffer log on the WAN1 interface and I can only see non IP traces : a dhcp discover a dhcp request an after just SSDP notify :'( I tried an option : Multicast routing but i think i didn't manage to configure it correctly ... I've read your answer (and some others you wrote formerly), and the Forti should pass the packets untouched through the VLAN interfaces (Wan1 and Port 7 (I put it on the Port 7 and tried also on the Internal software switch port)) and I don't understand .. May be I should put a sniffer on the line but well i'm no longer good enough :'( (last time i tried a sniffer was for X25 packets lol ... ) For sure it's not easy for you to help me, and i thank you anyway :) And I can't find a French user with a Freebox. :'(
Freebox are mostly used for personnal use and few have a FW :'(
Hi @sw2090 :) I made some more tests but no way. The freebox Player is seeking for a dhcp I think. But when I look in the sniffer log I can't see anything excepted non ip lines ... (as i wrote previously). So I tried to add rules to allow from any to any or from vlan Wan to Vlan Port 7 ... I tried everything but no way :'( Then i put back the wire on the free server and it works (i think there is a little pb anyways as the bridge mode seems to be designed for having just one device connected .. but i'm not sure). I can't find French people using Fortinet here :'( ... I tried to call the French number but I was routed to Forti hotline USA i think, and my level in English speaking is too low, and anyway without having a freebox it will be difficult :'(
You have better chances to get routed to Sophia Antipolis when calling during normal working hours in France. You might be lucky and ask the support person to be connected through to a Canadian colleague who speaks French.
thanks @ede_pfau I'll try tomorrow at different times. The operator, last time suggested me to send my request via the site form ... I have to try, but I'm sure that the French team has someone who managed to solve that pb already. I also tried to ask the Free hardware support bug team to change the firmware to have the possibility to manually config the ip add of the player ... But I think I may not have a firmware upgrade for yesterday ;) Thank you for your advice :)
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1643 | |
1069 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.