We have a client that has a new Fortigate 100F that they (and in turn we) need assistance to setup properly, since they're our only client using DMZ.
We need 2 address available publicly. x.y.z.194, which we've set as the WAN1 address and added a VIP that's mapped to their 192.168.x.x mail server on the necessary ports. We also have a web server connected to the DMZ with a configured address of x.y.z.195. What do we have to configure to make the web server accessible on http and https from the internet properly. I assume we'll need policy routes to allow traffic from the WAN to the DMZ, but I'm not sure how the DMZ port needs to be configured, or what other items need to be set. Unfortunately we can't do much testing since the fortigate needs to be configured before replacing their current (non fortigate) firewall, so we're trying to get this as close to correct as possible
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I followed this Youtube Video. https://www.youtube.com/watch?v=-EhygoAjLXE
It covers multiple topics, but the first half of the video is about the DMZ. I did it and was able to Ping a computer in the DMZ. (that's all i was testing)
Also note the video Author did make a mistake, he fixes it and explains it.
Hope it helps.
So, the server is directly external exposed, correct?
In this case there are two things that you can to do:
[ol]Certainly not a safe solution.
Alternatively, is there a way to bypass NAT completely. In their current setup, they have a bridge between WAN1 and the DMZ to allow multiple Public IPs to run through a single WAN port
I followed this Youtube Video. https://www.youtube.com/watch?v=-EhygoAjLXE
It covers multiple topics, but the first half of the video is about the DMZ. I did it and was able to Ping a computer in the DMZ. (that's all i was testing)
Also note the video Author did make a mistake, he fixes it and explains it.
Hope it helps.
So, the server is directly external exposed, correct?
In this case there are two things that you can to do:
[ol]Certainly not a safe solution.
Thanks for the input. We ended up running two WANs. WAN1 handles their standard internal LANs, and we created a software switch with WAN2 and the DMZ, with WAN2 connected to their provider and the DMZ port connected to the web server directly.
So, the server is directly external exposed, correct?
In this case there are two things that you can to do:
[ol]Certainly not a safe solution.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1712 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.