Hello everybody, I'm new here and a noobie, and I have difficulties figuring out how to configure my FortiGate. In exact words, how to configure my "wan" and "internal" interfaces. The FortiGate address is 192.168.1.99, my local network is 192.168.64.x, and my router is my gateway with the address 192.168.64.1. The ISP IP address is 212.186.186.150, and the computer from which I'm testing has the IP 192.168.1.100. The configuration should be like Internet -- Router -- FortiGate -- local network. Whatever I've tried, I can't get it to work. What should the settings be on the "wan" and "internal" interfaces? I get access to the internet from 192.168.1.100, but I don't have access to it from outside (RDP). Because the traffic from outside comes to the router first, it should pass all the traffic to the FortiGate behind it. How should I do that?
Sorry, I know there are a lot of questions, but I really need help.
Thank you.
If you're really new and need to configure it right away without enough time to read through the handbook and other materials, the best way is to search for the keywords below with your favorite search engine, which will give you links to the Fortinet cookbook for various FortiOS versions. Then choose the link for your version. In your case, just disable NAT on the policy creation page, since your ISP's router is doing NAT.
The keywords are "fortinet cookbook installing fortigate in nat/route mode"
Cascading routers is never a good idea. Nevertheless it works with some twiddling.
What you could try first is to forward ALL traffic from the ISP router to the FGT, sometimes called "exposed host". In this way the public IP address is handed down to the FGT WAN port which is necessary for FortiGuard updates, VPN etc.
If you cannot configure the ISP router then 192.168.64.0/24 becomes your "transfer network" in which only 2 addresses are used: .1 for the router and .2 for the FGT WAN port. The LAN behind the FGT needs to have a different address range, like 192.168.22.0/24. The FGT can serve as the DNS, DHCP server and NTP server for your LAN.
You will find all of this (the basics) in the FortiOS Handbook, to be found on docs.fortinet.com. I personally don't like the videos from FTNT as 1- they are running like in fast-forward and 2- they don't tell you the why, just the how for this one special case. As no network is identical it's easy to miss the point.
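The transfer-network layout described in the reply above, written out as a FortiOS CLI configuration. This is an added example, not part of the original thread. Assumptions: the interface names "wan" and "internal" are taken from the question (they vary by model), 192.168.22.1 as the FortiGate's LAN address and the DHCP range are chosen for illustration, and NAT is left enabled on the outbound policy.

```fortios
# Added example. Addresses outside 192.168.64.1/.2 and 192.168.22.0/24 are assumptions.
config system interface
    edit "wan"
        # Transfer network: .1 is the ISP router, .2 is the FortiGate WAN port.
        set mode static
        set ip 192.168.64.2 255.255.255.0
        # No "set allowaccess" here: management stays off the WAN side.
    next
    edit "internal"
        # The LAN must use a different range than the transfer network.
        set ip 192.168.22.1 255.255.255.0
        set allowaccess ping https ssh
    next
end
config router static
    edit 1
        # Default route points at the ISP router.
        set gateway 192.168.64.1
        set device "wan"
    next
end
config system dhcp server
    edit 1
        set interface "internal"
        set default-gateway 192.168.22.1
        set netmask 255.255.255.0
        # Hand out the FortiGate's own system DNS settings to clients.
        set dns-service default
        config ip-range
            edit 1
                set start-ip 192.168.22.100
                set end-ip 192.168.22.200
            next
        end
    next
end
config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "wan"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        # Assumption: NAT on, so the ISP router needs no route to 192.168.22.0/24.
        set nat enable
    next
end
```

If NAT is disabled on this policy, as the earlier reply suggests, the ISP router needs a static route for 192.168.22.0/24 via 192.168.64.2, otherwise return traffic never reaches the LAN.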
If the handoff from your ISP is RJ-45, chuck their router and put the FGT at the edge.
Just sayin'...
I'm a FiOS consumer. Chucked their Actiontec router before it even left the box.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Just watch out if the connection is a PPPoE link... a desktop model FGT will max out at ~ 130 Mbps while a cheap router can handle 1 Gbps. The FGT hardware just doesn't account for this protocol.
Hello, did you find the solution please?