Unlock Exclusive Benefits
Join Our Community Today!
Join our Community and post in the forum to earn your exclusive badge; celebrating 3 years of the Fortinet Community!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- LAN/WAN NAT configuration with Fortigate 90D
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
LAN/WAN NAT configuration with Fortigate 90D
Hi All,
I have a problem with my implementation with fortigate 90D in my office.
My ISP give me /29 public IP to be used for our server, to access the ISP network, they give me another network (uplink network). I also want to create NAT for our staff. Is it possible to use fortigate 90D to accomplish this network plan?
I think it's quite usual network diagram, I already done it using mikrotik, but I want to change the mikrotik with fortigate 90D.
Please give me your suggestion how to configure the fortigate 90D. ( I use interface mode )
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
9 REPLIES 9
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
VDOM in Transparent mode
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for your answer gschmitt, but I really don't get it at all, how to do VDOM in transparent, would you like to elaborate?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Start with this: https://www.youtube.com/watch?v=31MfllV3IwE but set one of the VDOMs to Transparent
Create a VDOM Link and treat the NAT VDOM as "just another device behind the Transparent VDOM"
Here is how you deal with a Transparent FGT: https://www.youtube.com/watch?v=xF1uvfEIr3M
I can do a bigger how to but I need to get to my test device first :>
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I still no in clear understanding how this approach will solve my problem, but you gave me a quite interesting key "VDOM", I have plenty thing to try using this "VDOM", thank you for your suggestion, I will try it first.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Okay ignore what I said about VDOMs I just looked at your IPs again
You basically have your normal external IP range (222.222.221.112/28) and additional network (222.222.222.224/29) routed to your 222.222.221.113 IP?
In that case simply give your internet facing interface (wan) the 222.222.221.113/28 IP
Give your dmz interface the IP 222.222.222.225 and give the clients in the dmz network IPs from the 222.222.222.224/29 network.
Create wan to dmz policies to access them
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Network 222.222.221.112/28 is not ours. It is just trunk to my ISP, we assigned 1 IP to connect our network (222.222.222.224/29) to the ISP's network. we can only doing nat from our network, we can't do it on trunk network.
On the other hand, I have further question based on your explanation:
1. about DMZ, does fortigate 90D has DMZ interface?
2. How do I create NAT for my private network?
Thank you for the knowledge Sir
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
effendisusanto wrote:Okay I am confused about your ip setup :\Network 222.222.221.112/28 is not ours. It is just trunk to my ISP, we assigned 1 IP to connect our network (222.222.222.224/29) to the ISP's network. we can only doing nat from our network, we can't do it on trunk network.
On the other hand, I have further question based on your explanation:
THe FortiGate 90D doesn't have a "dedicated" dmz interface. You can, however, simply use wan2 if not otherwise occupied.1. about DMZ, does fortigate 90D has DMZ interface?
You can also change the FortiGate from Switch to Interface mode which makes all 14 interfaces standalone
That way you can have 14 dmz if that's what you want :D http://docs-legacy.fortin...stallation.023.05.html
2. How do I create NAT for my private network?
On the Policy going from the internal to the wan interface
Go to Policy&Objects > Policy > IPv4 and expand your internal - wan1 section
Double click the policy in question
Check NAT on
By default you will Use Outgoing Interface Address as NAT IP (the IP of wan1 in this case)
If you want to change that you can Use Dynamic IP Pool and select an IP pool.
You can create these in the Dropdown menu or at Policy&Objects > Objects > IP Pools
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I stick to your "VDOM" idea, it is great :D, I already change the FG to interface mode since it easier to manage (IMO). Currently I make 2 VDOM, first VDOM dedicated to my ip_public, and the second for my ip_private. But in consequence, I've to waste 1 public IP to be NAT-ed. But I think it's good enough :D, I will update my network scheme later
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Team,
Need help as fortigate configuration product 200 E .
scenario diagram.
5 vlan need to created we have got Lan /29 public IP pool from ISP. so how to mangage this IP to 5 VLAN subnet with dhcp ip,dns etc.
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- [Help] SD-WAN with BGP on Loopback... 76 Views
- Fortigate Rugged 60F unable to HA... 55 Views
- Fortigate not showing Deny logs 281 Views
- Traffic Shaping Configuration Issue Affecting ... 53 Views
- Forticlient SAML Authentication timeout 149 Views
Labels
-
FortiGate
8,464 -
FortiClient
1,712 -
5.2
801 -
FortiManager
710 -
5.4
639 -
FortiAnalyzer
547 -
FortiAP
457 -
FortiSwitch
456 -
6.0
416 -
FortiClient EMS
407 -
5.6
362 -
FortiMail
308 -
6.2
251 -
FortiAuthenticator v5.5
234 -
SSL-VPN
219 -
FortiWeb
199 -
5.0
196 -
IPsec
185 -
FortiNAC
176 -
FortiGuard
136 -
6.4
128 -
SD-WAN
110 -
FortiGateCloud
100 -
FortiSIEM
97 -
FortiCloud Products
96 -
FortiToken
89 -
FortiAuthenticator
84 -
Customer Service
78 -
Wireless Controller
75 -
Firewall policy
70 -
4.0MR3
64 -
FortiProxy
59 -
FortiADC
53 -
Fortivoice
52 -
High Availability
52 -
FortiEDR
50 -
vlan
47 -
ZTNA
46 -
FortiExtender
44 -
FortiSandbox
43 -
FortiDNS
42 -
DNS
40 -
Routing
39 -
BGP
38 -
LDAP
38 -
FortiGate v5.4
35 -
FortiSwitch v6.4
34 -
SAML
34 -
Certificate
32 -
Authentication
31 -
SSO
31 -
Interface
31 -
NAT
30 -
RADIUS
29 -
FortiConnect
27 -
FortiLink
26 -
FortiWAN
25 -
FortiConverter
25 -
VDOM
25 -
Application control
25 -
FortiGate v5.2
24 -
Logging
24 -
Web profile
23 -
FortiPAM
22 -
Virtual IP
22 -
Fortigate Cloud
20 -
FortiPortal
19 -
FortiSwitch v6.2
18 -
FortiMonitor
18 -
SSL SSH inspection
18 -
Traffic shaping
17 -
FortiDDoS
15 -
OSPF
15 -
WAN optimization
15 -
FortiGate v5.0
14 -
System settings
14 -
IP address management - IPAM
14 -
FortiSOAR
13 -
SSID
13 -
Static route
13 -
FortiCASB
12 -
snmp
12 -
Automation
12 -
Admin
12 -
Web application firewall profile
12 -
FortiManager v5.0
11 -
FortiManager v4.0
10 -
FortiRecorder
10 -
IPS signature
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
FortiBridge
9 -
Traffic shaping policy
9 -
FortiAP profile
9 -
Proxy policy
9 -
RMA Information and Announcements
8 -
Security profile
8 -
Port policy
8 -
4.0
7 -
FortiDeceptor
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
Fabric connector
7 -
Intrusion prevention
7 -
Explicit proxy
6 -
DNS filter
6 -
trunk
6 -
Packet capture
6 -
Antivirus profile
6 -
Traffic shaping profile
6 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
Web rating
5 -
Fortinet Engage Partner Program
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
FortiDB
3 -
FortiHypervisor
3 -
API
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
Cloud Management Security
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Authentication rule and scheme
2 -
Protocol option
2 -
TACACS
2 -
Schedule
2 -
SDN connector
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
Multicast policy
1 -
Vulnerability Management
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1660 | |
| 1077 | |
| 752 | |
| 443 | |
| 220 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.