Hi,
I have a FortiGate 80C in my company, roughly 70 users.
It connect with 3 internet line which each line's speed is 4mb dl / 512kbps ul
I not familiar with Fortinet product, basically, I just search on google and do it by myself, set up each interface policy, it works ok in the company.
but I sure there is a good practice to setup the firewall, so I seeking the opinion from the expert at this forum.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hey Wong
is there certain configuration you want to achieve?
you can set the policy routing to basically whatever you want , currently i believe you have it to permit all traffic.
so if you have any idea of what traffic you actually want to firewall , or to deny access to LAN from WAN or vice versa , people here would be able to point you to the right direction.
I have FGT80C also but that does not matter ;)
1>
If your looking at achieving load balance across all three you could do a virtualwan
2>
or SNAT a range address behind each 3x interfaces with PBR
3> or distribute traffic by types
web-browsering link#1
dns link#2
all other link#3
eg ( pbr )
config router policy
edit 1
set end_port 80
set input_device "lan"
set output_device "wan1"
set gateway 1.1.1.1
set protocol 6
set start_port 80
next
edit 2
set end_port 443
set input_device "lan"
set output_device "wan1"
set gateway 1.1.1.1
set protocol 6
set start_port 443
next
edit 3
set end_port 53
set input_device "lan"
set output_device "wan2"
set gateway 2.2.2.2
set protocol 17
set start_port 53
next
end
You will need the correct policies to match
PCNSE
NSE
StrongSwan
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
227 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.