Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jacksonrd2525
New Contributor

Created on ‎01-07-2021 07:47 AM

Help configuring Fortinet 80E

I have a question about how I should configure my 80E Fortinet device. The drawing I've attached is a representation of what I'm trying to accomplish. On the right-hand side, you will notice a private network connected to another private network via a juniper srx345 FW. The could marked "Internal Network" is a network where public safety dispatch consoles are comprised. and it's IP scheme is 10.2.43.0/24. The cloud marked "Customers Network" has an unknown configuration. They have stated that the WAN port of my Fortinet will have an IP address in the 10.102.56.0/24 range. Also, their FW connected to the internet will allow IPsec VPN traffic. I will NAT traffic from the Juniper interface that's facing the Fortinet to two addresses in the 10.2.43.0 network (these two addresses (10.2.43.21 & 10.2.43.22) will be representative of the two laptops you see on the left-hand side of the diagram). The operation is as follows: The two laptops (consoles) will be housed in a mobile vehicle. When powered up, the consoles will initially receive a DHCP address from the ATT LTE router that will be housed at the same location. That way they will be able to search the internet, BUT when they want to dispatch, they would activate their Forticlient VPN, received an IP address from the Fortinet FW (I will map their MAC addresses to a pool of IP addresses configured on the Fortinet...that way each laptop receives the same IP every time). After the VPN is connected, they will open an application on the laptops that will "look" for the proxy console on the 10.2.43.0/24 network (see far right side of the diagram).

 

So, my questions are:

1). Should I configure the Fortinet in NAT or Transparent mode?

2). The network space between the juniper and Fortinet...should that be an IP scheme in the 10.1032.56.0 network, or should that be in the NAT'd IP scheme of the 192.168.43.0 network (I plan on having the juniper NAT the two 10.2.43.0/24 addresses that I want the remote consoles to "look" like to the 192.168.43. 21 and 22 addresses).

3). What IPO address should I configure into the Fortinet IPSec VPN poll?

 

I appreciate any assistance that anyone can provide. Thank you in advance.

 

Preview file
639 KB
2358
0 Kudos
2 REPLIES 2
MikePruett
Valued Contributor

Created on ‎01-10-2021 09:33 AM

Your image is not showing for me.

Mike Pruett

Fortinet GURU | Fortinet Training Videos

Mike Pruett Fortinet GURU | Fortinet Training Videos
1415
0 Kudos
ede_pfau
Esteemed Contributor III
In response to MikePruett

Created on ‎01-11-2021 07:30 AM

...or anybody.

I for my part would just be too curious after posting and actually have a look whether my posted image really shows...


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
1415
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.