Configuration of fortigate firewall for 30 severs Over public ip

Akshay289 · ‎03-21-2024

Hi everyone,

I currently have one ISP link terminated on an ON WAN switch, with 30 servers connected to this switch using public IPs. We're planning to replace the switch with a FortiGate firewall. Can anyone guide me on how to configure the FortiGate firewall to accommodate these 30 servers with their public IPs. Your help would be greatly appreciated.

AEK · ‎03-21-2024

Hello
Here can be overall steps.

1. Network design:

If you want to keep the public IPs on the servers then you can use FG transparent mode
Otherwise use NAT mode and you will change the IP addresses of your servers to private IP addresses
In the 2nd case the pub IP addresses will be configured as VIPs at FG level
You can group your servers in multiple DMZs depending on usage
A L2 switch is needed, create one VLAN for each DMZ
You can put each DMZ behind a separate FortiGate 1G port, or put them all in one trunk behind a 10G port

2. Configure your FG:

If you use FG in NAT mode you need to map the pub IP addresses to the servers' private IP addresses
You can use VIPs. ne VIP for each server or multiple servers behind one VIP, it depends on port usage and other requirements.
https://docs.fortinet.com/document/fortigate/6.2.16/cookbook/155333/virtual-ips-with-port-forwarding
Otherwise you can use virtual server if you need something more elaborated like load balancing.
https://docs.fortinet.com/document/fortigate/6.2.16/cookbook/713497/virtual-server
Then you need then to create firewall policies as shown in the above docs

AEK

Configuration of fortigate firewall for 30 severs Over public ip

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website