We have a Fortinet FortiGate 200B. Our ISP gave us 5 IPs to use. The first is our main address assigned to the 200B's MAC address. They also have 3 IPs looking for our DVR security systems also by MAC address. Here is the set up:
X.X.X.150 = Our main IP.
X.X.X.151 = DVR #1.
X.X.X.152 = DVR #2.
X.X.X.153 = DVR #3.
X.X.X.154 = Nothing used yet.
My question is how do I set up the Fortinet FortiGate 200B to see all 5 of these IPs coming from the modem?
There are no WAN ports so I set up Port 11 as DHCP for the ISP.
I pretty much followed these directions:
http://kb.kaminskiengineering.com/node/377
I went to Firewall Objects > Virtual IP > Virtual IP and created the ports that need to be forwarded to. There are four ports needed for each DVR. The port numbers are the same for each DVR, but the external IP is different. Therefore, there are 12 entries.
I then went to Firewall Objects > Virtual IP > VIP Group and created three groups for each DVR using the four ports forwarded to for each group.
Last of all, I went to Policy > Policy > Policy and created a Port 11 > The Switch and added each VIP Group in this order:
No boxes are checked.
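The VIP layout described in this post (four forwarded ports per DVR on its own external IP, one VIP group per DVR), as an added example that is not part of the original thread or Fortinet's own material. It generates the 12 `config firewall vip` entries and 3 `config firewall vipgrp` entries as FortiOS CLI text; the 203.0.113.x and 192.168.10.x addresses, the port numbers and the object names are constructed placeholders, and exact CLI keywords can vary by FortiOS version.

```python
# Added example: render FortiOS CLI for per-DVR port-forward VIPs and VIP groups.
# All addresses, ports and names below are constructed placeholders.

WAN_IF = "port11"                       # interface facing the modem, per the post
DVRS = {                                # name: (external IP, internal IP), constructed
    "DVR1": ("203.0.113.151", "192.168.10.11"),
    "DVR2": ("203.0.113.152", "192.168.10.12"),
    "DVR3": ("203.0.113.153", "192.168.10.13"),
}
PORTS = [8000, 8001, 8002, 8003]        # hypothetical; the post does not list them


def build_vips(dvrs, ports):
    """Return {group_name: [(vip_name, extip, mappedip, port), ...]}."""
    for p in ports:
        if not 1 <= p <= 65535:
            raise ValueError(f"bad port {p}")
    groups = {}
    for name, (extip, mappedip) in dvrs.items():
        groups[f"{name}-grp"] = [(f"{name}-tcp{p}", extip, mappedip, p) for p in ports]
    return groups


def render(groups, wan_if):
    """Render the VIPs and VIP groups as FortiOS CLI text."""
    out = ["config firewall vip"]
    for members in groups.values():
        for vip, extip, mappedip, port in members:
            out += [f'    edit "{vip}"',
                    f'        set extintf "{wan_if}"',
                    f"        set extip {extip}",
                    f"        set mappedip {mappedip}",
                    "        set portforward enable",
                    "        set protocol tcp",
                    f"        set extport {port}",
                    f"        set mappedport {port}",
                    "    next"]
    out += ["end", "config firewall vipgrp"]
    for grp, members in groups.items():
        names = " ".join(f'"{m[0]}"' for m in members)
        out += [f'    edit "{grp}"', f'        set interface "{wan_if}"',
                f"        set member {names}", "    next"]
    out.append("end")
    return "\n".join(out)


if __name__ == "__main__":
    print(render(build_vips(DVRS, PORTS), WAN_IF))
```

Keeping one group per DVR lets the inbound policy reference exactly the forwarded ports for each recorder rather than a broad destination.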
I'm afraid the ISP will only assign ONE IP address per MAC, not multiple.
Instead of plugging the cables from the DVRs into the FGT you could plug them into a switch, right? Any thoughts about this?
Each building has them plugged into a switch. The switches eventually make their way to the Fortigate.
If the ISP cannot reserve them by just one MAC address, how should I ask them to do it? Would getting a pool of IPs reserved work if I enter them into the IP Pool section of the Fortigate? I wish they would let this new modem connect manually instead of using DHCP, but they said it will not work that way which sucks because, if I could do it manually, I could specify secondary IPs on the Fortigate Interface connection to the modem.
Distributing multiple addresses via DHCP onto one port doesn't seem to be easy. Authenticating with MACs won't work here, authenticating against one MAC might work. You'd have to make sure the DHCP requests reach the WAN side all through your network though.
There's still the option to use a WAN switch and connect the DVRs to it. No security by your FGT but it should work.