Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
segmentation_fault
New Contributor III

Configuring a Fortigate 60E for new ISP?

I am a volunteer at a local tennis club that has a rather complicated rack system with a fortigate 60e. The system has several VLANS for the security cameras, guest wifi, etc. I have been tasked with switching everything from Verizon fiber to Spectrum fiber. The spectrum fiber has already been installed and I tested it with a laptop by manually entering the ip range, gateway etc and it works. Now I want to plug it into the fortigate 60e and unplug the Verizon.. To make things more complex, there is also a secondary backup ISP from Spectrum cable. That we also want to get rid of.

 

I have experience with home routers but the fortigate 60e settings are rather complex. Is there a paid support we can buy that can walk me through everything I need to change? We tried contacting the original company who set it all up but they said they are too busy. Or should I just post screenshots of what I think I should do and go from there?

1 Solution
distillednetwork

Yes, x.x.x.144/29 would be the network address (identifies the network) and can not be used as a host address.  The available host addresses in that range are x.x.x.145-150.  They should have given you one of those addresses as the gateway and you should be able to pick from the others for what address you want to put on your firewall.  You could also use one of the other addresses for your VIP ie.if .150 is the gateway address you could use  .145 on the firewall and .146 on the VIP.

View solution in original post

16 REPLIES 16
AntonyChen
New Contributor III

so why this is so hard to you, just simple unplug old cable and replace it with new one, then enter new network information the isp provided, i think you have the admin right on the device? If you want  old line to be backup line, just enable SD-WAN feature on your router with wan members are old port and new port, this case you plug new line to new port on router and keep the old . With sdwan, you can configure sdwan rule to priority packet to new line and old line as backup routing.

distillednetwork
Contributor III

If you plug in the new connection to where the verizon is you can just change the ip address on that port as well as the route in the static routes to point to the new gateway address.

 

As far as removing the backup connection, when you unplug the cable from the firewall any rules (where they are sdwan or just basic failover) will be inactive and you should be able to leave the configuration in there. 

 

If you are uncomfortable doing it yourself, I would suggest finding a local fortinet partner that is willing to help in your area.

 

https://partnerportal.fortinet.com/directory/

 

segmentation_fault

Thanks, for the tips! I am a little nervous about breaking the whole system as I am not sure what all the settings mean. In any case, here is what I plan to do and you can correct me if anything is wrong:

 

First thing is we won't be needing the backup Spectrum Cable ISP anymore. So per your advice we are probably safe to ignore it or unplug it.

 

Here are settings for the new Spectrum FIOS internet:

 

IP Address Network xxx.xx.xx.144/29
Gateway xxx.xx.xx.145/29
Usable: xxx.xx.xx.146 Through xxx.xx.xx.150

So first I'll unplug the Verizon FIOS and then plug in the Spectrum FIOS to the same port. Next I will overwrite the current settings for Verizon FIOS with the the new values wherever applicable in the screenshots below:

 

The last image is for a raspberry pi running a web server off port 80.

 

Capture.PNGCapture2.PNGCapture3.PNGCapture4.PNG

distillednetwork

Yes, that looks about right.  The only other thing which I assume would not be the case would be anything under SWAN.  Looks pretty basic and those changes should do it based on the information provided in the screenshots.

 

segmentation_fault

Thanks! Here's what I see under SD-WAN:

 

sdwan1.PNGsdwan2.PNG

AntonyChen

if you just only want replace old line by new one, simple change the interface information the new isp provided,  i see that you have some VIP configuration with specified external IP, you may replace this by new one if the interface you published the VIP is same to the one need to replace

segmentation_fault

I made the changes today at the tennis center. Unfortunately, I am unable to connect to the internet now on any device. I suspect it may have to do with the IP/network mask. Spectrum FIOS provided this:

 

Network xxx.xx.xx.144/29

 

So I put in this below which gives an error: It accepts if I put 255.255.255.0 which is what is was for the Verizon FIOS.

 

problem0.PNG

distillednetwork

Yes, x.x.x.144/29 would be the network address (identifies the network) and can not be used as a host address.  The available host addresses in that range are x.x.x.145-150.  They should have given you one of those addresses as the gateway and you should be able to pick from the others for what address you want to put on your firewall.  You could also use one of the other addresses for your VIP ie.if .150 is the gateway address you could use  .145 on the firewall and .146 on the VIP.

distillednetwork

I just saw your comments earlier 

"Gateway xxx.xx.xx.145/29
Usable: xxx.xx.xx.146 Through xxx.xx.xx.150"

 

So give your firewall anything from .146 to .150 since they are using .145 for the gateway.

Labels
Top Kudoed Authors