Hi All,
I have a problem with my implementation with fortigate 90D in my office.
My ISP give me /29 public IP to be used for our server, to access the ISP network, they give me another network (uplink network). I also want to create NAT for our staff. Is it possible to use fortigate 90D to accomplish this network plan?
I think it's quite usual network diagram, I already done it using mikrotik, but I want to change the mikrotik with fortigate 90D.
Please give me your suggestion how to configure the fortigate 90D. ( I use interface mode )
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
VDOM in Transparent mode
Thank you for your answer gschmitt, but I really don't get it at all, how to do VDOM in transparent, would you like to elaborate?
Start with this: https://www.youtube.com/watch?v=31MfllV3IwE but set one of the VDOMs to Transparent
Create a VDOM Link and treat the NAT VDOM as "just another device behind the Transparent VDOM"
Here is how you deal with a Transparent FGT: https://www.youtube.com/watch?v=xF1uvfEIr3M
I can do a bigger how to but I need to get to my test device first :>
I still no in clear understanding how this approach will solve my problem, but you gave me a quite interesting key "VDOM", I have plenty thing to try using this "VDOM", thank you for your suggestion, I will try it first.
Okay ignore what I said about VDOMs I just looked at your IPs again
You basically have your normal external IP range (222.222.221.112/28) and additional network (222.222.222.224/29) routed to your 222.222.221.113 IP?
In that case simply give your internet facing interface (wan) the 222.222.221.113/28 IP
Give your dmz interface the IP 222.222.222.225 and give the clients in the dmz network IPs from the 222.222.222.224/29 network.
Create wan to dmz policies to access them
Network 222.222.221.112/28 is not ours. It is just trunk to my ISP, we assigned 1 IP to connect our network (222.222.222.224/29) to the ISP's network. we can only doing nat from our network, we can't do it on trunk network.
On the other hand, I have further question based on your explanation:
1. about DMZ, does fortigate 90D has DMZ interface?
2. How do I create NAT for my private network?
Thank you for the knowledge Sir
effendisusanto wrote:Okay I am confused about your ip setup :\Network 222.222.221.112/28 is not ours. It is just trunk to my ISP, we assigned 1 IP to connect our network (222.222.222.224/29) to the ISP's network. we can only doing nat from our network, we can't do it on trunk network.
On the other hand, I have further question based on your explanation:
THe FortiGate 90D doesn't have a "dedicated" dmz interface. You can, however, simply use wan2 if not otherwise occupied.1. about DMZ, does fortigate 90D has DMZ interface?
You can also change the FortiGate from Switch to Interface mode which makes all 14 interfaces standalone
That way you can have 14 dmz if that's what you want :D http://docs-legacy.fortin...stallation.023.05.html
2. How do I create NAT for my private network?
On the Policy going from the internal to the wan interface
Go to Policy&Objects > Policy > IPv4 and expand your internal - wan1 section
Double click the policy in question
Check NAT on
By default you will Use Outgoing Interface Address as NAT IP (the IP of wan1 in this case)
If you want to change that you can Use Dynamic IP Pool and select an IP pool.
You can create these in the Dropdown menu or at Policy&Objects > Objects > IP Pools
I stick to your "VDOM" idea, it is great :D, I already change the FG to interface mode since it easier to manage (IMO). Currently I make 2 VDOM, first VDOM dedicated to my ip_public, and the second for my ip_private. But in consequence, I've to waste 1 public IP to be NAT-ed. But I think it's good enough :D, I will update my network scheme later
Hi Team,
Need help as fortigate configuration product 200 E .
scenario diagram.
5 vlan need to created we have got Lan /29 public IP pool from ISP. so how to mangage this IP to 5 VLAN subnet with dhcp ip,dns etc.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1714 | |
1093 | |
752 | |
447 | |
232 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.