I have a Fortigate-400E and a 4G Router.
About the 4G Router
This router has an IP address of 192.168.x.x. To get internet access, all I have to do is plug in a LAN cable from the 4G Router to a PC. That simple.
About the Fortigate
This firewall has a 10.10.x.x IP address range.
My Question
How do I set the 4G Router to the firewall? Right now I have plugged in a LAN cable from the 4G router to firewall physical interface 10. What configurations do I make? Do I change the role of the interface to LAN or WAN? What else needs to be done? Create a VLAN? Once this part is done, I can create a policy; that part is not a problem.
Could someone provide a step-by-step configuration guide? It is so simple without the firewall but I have no clue how to get it done through the firewall.
I've got this to work. Here's a step-by-step for newbies.
1. Plug in a LAN cable to the 4G router and connect it to an interface on the firewall.
2. Set the Role of that interface as LAN.
3. Set the IP/Netmask using the IP range of the 4G router, not your internal network IP range. Manual or DHCP is up to you. I selected Manual so that the interface IP is always the same.
4. Disable Receive/Transmit LLDP
5. Enable DHCP Server.
6. Set Default gateway to "Same as Interface IP"
7. Set DNS server to "Same as System DNS"
Next, create a Firewall Policy where the Outgoing Interface is the interface that you just configured above.
The easiest solution is to double NAT: just set port 10 to receive its IP from DHCP and create a policy to NAT (use outgoing interface) all the FGT traffic to the 4G router.
The recommended solution is to enable static or dynamic routing on both the FGT and the 4G router. You can take a look at the example below, which shows the steps:
https://docs.fortinet.com/document/fortigate/6.0.0/Handbook/177888/static-routing-example
P.S. If it's misleading, focus only on the GUI steps; the CLI configuration is the same as what is done in the GUI, but it is mentioned in case you prefer to do it via the CLI.
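The double-NAT approach described in the reply above, written out as FortiOS CLI. This is an added example, not configuration posted by anyone in the thread; the internal interface name "port1" and the policy name are assumptions, and port10 is the port cabled to the 4G router.

```fortios
# Added example. Assumption: "port1" is the internal 10.10.x.x interface.
# port10 faces the 4G router and takes its address from the router's DHCP.
config system interface
    edit "port10"
        set mode dhcp
        set role wan
        set defaultgw enable
        set dns-server-override enable
        unset allowaccess
    next
end

# Outbound policy: internal hosts to the 4G router, source-NATed to the
# port10 address (the first NAT; the 4G router performs the second).
config firewall policy
    edit 0
        set name "lan-to-4g"
        set srcintf "port1"
        set dstintf "port10"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set logtraffic all
    next
end
```

`unset allowaccess` leaves no management service (HTTPS, SSH, ping) answering on the router-facing port, and because no policy is defined from port10 inward, sessions initiated from the 4G router's side fall to the implicit deny.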
So it's forwarding traffic to port 10 directly? No need to enable wwan?
The role of the port10 should be WAN or LAN?
The role is just for ease of configurations. Changing the role will not automatically do any Routing or NAT-ing. Default route and Firewall policies will handle it.
You can read about interface role here: https://docs.fortinet.com/document/fortigate/6.2.12/cookbook/574723/interface-settings