Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
segmentation_fault
New Contributor III

Created on ‎10-23-2022 05:38 PM Edited on ‎10-23-2022 05:39 PM

Configuring a Fortigate 60E for new ISP?

I am a volunteer at a local tennis club that has a rather complicated rack system with a fortigate 60e. The system has several VLANS for the security cameras, guest wifi, etc. I have been tasked with switching everything from Verizon fiber to Spectrum fiber. The spectrum fiber has already been installed and I tested it with a laptop by manually entering the ip range, gateway etc and it works. Now I want to plug it into the fortigate 60e and unplug the Verizon.. To make things more complex, there is also a secondary backup ISP from Spectrum cable. That we also want to get rid of.

 

I have experience with home routers but the fortigate 60e settings are rather complex. Is there a paid support we can buy that can walk me through everything I need to change? We tried contacting the original company who set it all up but they said they are too busy. Or should I just post screenshots of what I think I should do and go from there?

Labels:
4968
0 Kudos
1 Solution
distillednetwork
Contributor III
In response to segmentation_fault

Created on ‎10-25-2022 01:08 PM

Yes, x.x.x.144/29 would be the network address (identifies the network) and can not be used as a host address.  The available host addresses in that range are x.x.x.145-150.  They should have given you one of those addresses as the gateway and you should be able to pick from the others for what address you want to put on your firewall.  You could also use one of the other addresses for your VIP ie.if .150 is the gateway address you could use  .145 on the firewall and .146 on the VIP.

View solution in original post

4863
0 Kudos
16 REPLIES 16
AntonyChen
New Contributor III

Created on ‎10-23-2022 08:43 PM Edited on ‎10-23-2022 08:46 PM

so why this is so hard to you, just simple unplug old cable and replace it with new one, then enter new network information the isp provided, i think you have the admin right on the device? If you want  old line to be backup line, just enable SD-WAN feature on your router with wan members are old port and new port, this case you plug new line to new port on router and keep the old . With sdwan, you can configure sdwan rule to priority packet to new line and old line as backup routing.

3460
distillednetwork
Contributor III

Created on ‎10-24-2022 08:10 AM

If you plug in the new connection to where the verizon is you can just change the ip address on that port as well as the route in the static routes to point to the new gateway address.

 

As far as removing the backup connection, when you unplug the cable from the firewall any rules (where they are sdwan or just basic failover) will be inactive and you should be able to leave the configuration in there. 

 

If you are uncomfortable doing it yourself, I would suggest finding a local fortinet partner that is willing to help in your area.

 

https://partnerportal.fortinet.com/directory/

 

3452
segmentation_fault
New Contributor III
In response to distillednetwork

Created on ‎10-24-2022 01:29 PM Edited on ‎10-24-2022 01:34 PM

Thanks, for the tips! I am a little nervous about breaking the whole system as I am not sure what all the settings mean. In any case, here is what I plan to do and you can correct me if anything is wrong:

 

First thing is we won't be needing the backup Spectrum Cable ISP anymore. So per your advice we are probably safe to ignore it or unplug it.

 

Here are settings for the new Spectrum FIOS internet:

 

IP Address Network xxx.xx.xx.144/29
Gateway xxx.xx.xx.145/29
Usable: xxx.xx.xx.146 Through xxx.xx.xx.150

So first I'll unplug the Verizon FIOS and then plug in the Spectrum FIOS to the same port. Next I will overwrite the current settings for Verizon FIOS with the the new values wherever applicable in the screenshots below:

 

The last image is for a raspberry pi running a web server off port 80.

 

Capture.PNGCapture2.PNGCapture3.PNGCapture4.PNG

3445
0 Kudos
distillednetwork
Contributor III
In response to segmentation_fault

Created on ‎10-24-2022 01:37 PM

Yes, that looks about right.  The only other thing which I assume would not be the case would be anything under SWAN.  Looks pretty basic and those changes should do it based on the information provided in the screenshots.

 

3443
segmentation_fault
New Contributor III
In response to distillednetwork

Created on ‎10-24-2022 01:45 PM

Thanks! Here's what I see under SD-WAN:

 

sdwan1.PNGsdwan2.PNG

3438
0 Kudos
AntonyChen
New Contributor III
In response to segmentation_fault

Created on ‎10-24-2022 07:07 PM

if you just only want replace old line by new one, simple change the interface information the new isp provided,  i see that you have some VIP configuration with specified external IP, you may replace this by new one if the interface you published the VIP is same to the one need to replace

3423
0 Kudos
segmentation_fault
New Contributor III
In response to distillednetwork

Created on ‎10-25-2022 11:36 AM Edited on ‎10-25-2022 11:37 AM

I made the changes today at the tennis center. Unfortunately, I am unable to connect to the internet now on any device. I suspect it may have to do with the IP/network mask. Spectrum FIOS provided this:

 

Network xxx.xx.xx.144/29

 

So I put in this below which gives an error: It accepts if I put 255.255.255.0 which is what is was for the Verizon FIOS.

 

problem0.PNG

3395
0 Kudos
distillednetwork
Contributor III
In response to segmentation_fault

Created on ‎10-25-2022 01:08 PM

Yes, x.x.x.144/29 would be the network address (identifies the network) and can not be used as a host address.  The available host addresses in that range are x.x.x.145-150.  They should have given you one of those addresses as the gateway and you should be able to pick from the others for what address you want to put on your firewall.  You could also use one of the other addresses for your VIP ie.if .150 is the gateway address you could use  .145 on the firewall and .146 on the VIP.

4864
0 Kudos
distillednetwork
Contributor III
In response to distillednetwork

Created on ‎10-25-2022 01:09 PM

I just saw your comments earlier 

"Gateway xxx.xx.xx.145/29
Usable: xxx.xx.xx.146 Through xxx.xx.xx.150"

 

So give your firewall anything from .146 to .150 since they are using .145 for the gateway.

3390
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.