I’m working on a project where a client is installing a new camera system. The vendor will provide their own router and PoE switch. We need to connect this router to the client’s existing firewall (91G), and the client has available public IP addresses.
Can I configure the 91G firewall to pass-through mode, allowing the vendor’s router to use a public IP directly? Or is there a better approach to integrate the vendor’s router with the client’s firewall?
BTW, the camera vendor will handle all system management independently and requires full access to their equipment, which will be completely separate from the client’s network.
Thanks!
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
What is the reason to put the device behind the firewall? Why not use NAT mode? Does the public IP space exist on the 91G itself? Or in front of it?
Created on 08-27-2024 07:20 AM Edited on 08-27-2024 07:30 AM
The camera vendor wants complete access to their equipment and cameras. Yes the firewall is handling the public IP space.
They also want their router to have a public IP address.
You can use virtual wire pair or transparent VDOM.
https://docs.fortinet.com/document/fortigate/6.2.16/cookbook/166804/virtual-wire-pair
But I'd prefer use a VIP instead, I mean the public IP defined on FortiGate and mapped to private IP of the camera router. I find this cleaner and you can do better security.
would a DMZ with VIP a better solution?
Yes I'd do it that way.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1641 | |
1069 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.