Configuration of FortiGate firewall for 30 servers over public IP
Hi everyone,
I currently have one ISP link terminated on an ON WAN switch, with 30 servers connected to this switch using public IPs. We're planning to replace the switch with a FortiGate firewall. Can anyone guide me on how to configure the FortiGate firewall to accommodate these 30 servers with their public IPs? Your help would be greatly appreciated.
1 REPLY
Hello
The overall steps can be as follows.
1. Network design:
- If you want to keep the public IPs on the servers then you can use FG transparent mode
- Otherwise use NAT mode and you will change the IP addresses of your servers to private IP addresses
- In the 2nd case the pub IP addresses will be configured as VIPs at FG level
- You can group your servers in multiple DMZs depending on usage
- An L2 switch is needed, create one VLAN for each DMZ
- You can put each DMZ behind a separate FortiGate 1G port, or put them all in one trunk behind a 10G port
2. Configure your FG:
- If you use FG in NAT mode you need to map the pub IP addresses to the servers' private IP addresses
- You can use VIPs. One VIP for each server or multiple servers behind one VIP, it depends on port usage and other requirements.
  https://docs.fortinet.com/document/fortigate/6.2.16/cookbook/155333/virtual-ips-with-port-forwarding
- Otherwise you can use a virtual server if you need something more elaborate like load balancing.
  https://docs.fortinet.com/document/fortigate/6.2.16/cookbook/713497/virtual-server
- Then you need to create firewall policies as shown in the above docs
AEK
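
For the NAT-mode path described in the reply above, typing 30 VIPs and policies by hand invites overlapping port forwards and address typos. The following is an added example, not part of the reply or of Fortinet's documentation: a Python generator that checks a server inventory and emits FortiOS CLI with one port-forwarding VIP and one inbound policy per server. The inventory, the ISP block (RFC 5737 documentation addresses), the `wan1` interface, the DMZ interface names and the object naming scheme are all assumptions.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed inventory: RFC 5737 documentation addresses stand in for the ISP block;
# server names, DMZ interface names and ports are hypothetical.
ISP_BLOCK = "203.0.113.0/27"
SERVERS = [
    {"name": "web01", "public": "203.0.113.10", "private": "10.10.10.10", "dmz": "dmz-web", "proto": "tcp", "port": 443},
    {"name": "web02", "public": "203.0.113.10", "private": "10.10.10.11", "dmz": "dmz-web", "proto": "tcp", "port": 8443},
    {"name": "mail01", "public": "203.0.113.11", "private": "10.10.20.10", "dmz": "dmz-mail", "proto": "tcp", "port": 25},
]

def validate(servers, isp_block):
    """Return problems that would make the VIP set ambiguous or expose the wrong host."""
    block, seen, errors = ipaddress.ip_network(isp_block), {}, []
    for s in servers:
        pub, priv = ipaddress.ip_address(s["public"]), ipaddress.ip_address(s["private"])
        if pub not in block:
            errors.append(f"{s['name']}: {pub} is outside the ISP block {block}")
        if not any(priv in net for net in RFC1918):
            errors.append(f"{s['name']}: mapped IP {priv} is not RFC 1918")
        key = (s["public"], s["proto"], s["port"])
        if key in seen:
            errors.append(f"{s['name']}: {pub} {s['proto']}/{s['port']} already forwards to {seen[key]}")
        seen.setdefault(key, s["name"])
    return errors

def render(servers, wan="wan1"):
    """Emit FortiOS CLI: one port-forwarding VIP and one inbound policy per server."""
    vips, svcs, pols = [], {}, []
    for s in servers:
        vip, svc = f"vip-{s['name']}-{s['port']}", f"{s['proto'].upper()}-{s['port']}"
        svcs[svc] = f'    edit "{svc}"\n        set {s["proto"]}-portrange {s["port"]}\n    next'
        vips.append(f'    edit "{vip}"\n        set extintf "{wan}"\n        set extip {s["public"]}\n'
                    f'        set mappedip "{s["private"]}"\n        set portforward enable\n'
                    f'        set protocol {s["proto"]}\n        set extport {s["port"]}\n'
                    f'        set mappedport {s["port"]}\n    next')
        pols.append(f'    edit 0\n        set name "in-{s["name"]}-{s["port"]}"\n        set srcintf "{wan}"\n'
                    f'        set dstintf "{s["dmz"]}"\n        set srcaddr "all"\n        set dstaddr "{vip}"\n'
                    f'        set action accept\n        set schedule "always"\n        set service "{svc}"\n'
                    f'        set logtraffic all\n    next')
    sections = (("firewall service custom", svcs.values()), ("firewall vip", vips), ("firewall policy", pols))
    return "\n".join(f"config {name}\n" + "\n".join(body) + "\nend" for name, body in sections)

if __name__ == "__main__":
    problems = validate(SERVERS, ISP_BLOCK)
    print("\n".join(problems) if problems else render(SERVERS))
```

Each policy allows only the forwarded port to its own VIP and logs the traffic, so a server that needs no inbound access simply gets no inventory entry and stays unreachable from the WAN side.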
