For example, carrier provides me with qty 2 sets 32 IP address and I want to host 1u servers where I will provide 1 IP (public) address and 1 server management IP address for an HP server or Dell server. How do I allocate a single IP address out of the IP block? Provide a second IP subnet and assign for the server management IP.
TRied looking for a sample config, either it is not out there or more likely I am asking the wrong questions.
My goal is to prevent a server neighbor reconfiguring their WAN IP that they have not been assigned and causing an interruption with another server with similar IP.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I'm a bit old school so may not have new and fresh ideas that FGTs are capable of, and I'm not going to give you a complete security solution here, but here's how I'd approach it in a simple to understand solution. At the fortigate perimeter, you're going to have a set of IPs defined on the WAN. You'll then have NATs that translate traffic from the external IP address to the assigned internal IP addresses (10.x or your choice of non-routables). On the inside, I'd be using VLANs so that you don't get any chance to jump addresses through random guessing of IP, subnet, and gateways. You hard allocate a host to a VLAN (through cabling) and give it some fixed IP addresses, and if the server manager decides to change the IP address then they lose access to the box. if they move the IP from say 10.0.0.5 to 10.0.0.6, the external NAT no longer works; if they move the IP to 10.0.1.5 then the VLAN trips them up and they don't block the neighbour's server that lives on that IP address and can't absorb traffic that wasn't meant for them.
To permit inbound access you'd have a set of VLAN interfaces on the FGT and each tenant's policy ruleset would permit traffic from WAN to their VLAN (and only their VLAN).
You would not have these configuration problems if you were using better dedicated server. I use bare metal server and those are much better for use. They are a bit more expensive than virtual servers, but it is really worth it. The good thing about them is that the price is lowering and now it is really great to buy them on GTHost. They are really cool because they will set it up in 15 minutes so you won't bother with that. Your latency will always be good and there will be no glitches or lag, and you can always rely on their customer support for help. It does cost more, but if you think about it, in the long run it is much better investment.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1647 | |
1070 | |
751 | |
443 | |
214 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.