Best practice - How do I setup for 1 WAN connection and two subnets?

CanterburyComputers · ‎10-24-2018

I have a customer with a single WAN connection and two separate subnets 192.168.10.x - used for internal office - also needs wifi configured 192.168.20.x - used for general public Both subnets need internet access Ideally I would want to setup a separate port on the Fortigate for each subnet.

What is the best practice method of installing the Fortigate. Very much a novice! Thanks for your assistance.

emnoc · ‎10-24-2018

You could do 2 multi-vdom and inter link or just a single vdom. What is driving you to key LAB subnet in two ports for the uplink? Compliance, isolation, policy.....

I don't think a BCP exist in this case, and your business objects might mandate what you do or not do, imho

Ken Felix

PCNSE

NSE

StrongSwan

CanterburyComputers · ‎10-24-2018

isolation of the business systems from the general publics network

emnoc · ‎10-24-2018

So what does that mean? Does 192.168.10.x never need internet access { general public }? If that's the case, than place no firewall policies to allow for that.

Ken Felix

PCNSE

NSE

StrongSwan

CanterburyComputers · ‎10-24-2018

both subnets need internet access

sw2090 · ‎10-29-2018

The most simple way is just set up one port for each subnet (alas you don't want to use vlans) and create an internet policy for each one.

This also enables you to set trafficshapers or Web/URL Filters seperately for each.

--

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

Best practice - How do I setup for 1 WAN connection and two subnets?

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website