Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Summer Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiData
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevice
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEndpoint
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiTester
- FortiSwitch
- FortiToken
- FortiVoice
- FortiWAN
- FortiAppSec Cloud
- FortiWeb
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- Need to create static route or not in PPPOE connec...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Need to create static route or not in PPPOE connection in order to get to the internet ?
Hi everyone,
I'm new to the FORTIGATE.....
I got cisco WRVS4400N (ISP gateway) directly connected to internet by CAT 5 cable which the connection type is PPPOE ,it got static ip example 172.17.0.50/255.255.255.255 because i off and on cisco the WAN IP remain unchanged, default gateway 111.68.12.200 and DNS1 and 2 which is 203.99.131.10 and 207.99.131.249 and the LAN IP 192.168.1.1and the username(test) and password(blank) (which can be see when log in to the cisco and WAN IP obviously one only subnet mask = 255.255.255.255 ).
Now i want to add my Fortigate 60D to the cisco WRVS4400N, i put the WAN1 addressing mode to PPPOE and key in the related username, password, enable retrieve gateway from server and override internal dns. The policy all have being set to allow OUT. The WAN1 is connected to the WRVS4400N Ethernet port, will disable the DHCP server in CISCO since will assign DHCP server from FORTIGATE 60D internel interface.
Question
1) Do i need to create static route which destination=0.0.0.0/0.0.0.0, Interface=WAN1, gateway=111.68.12.200 ? (actually i run through many cookbook and thread, pppoe is dynamic even i have static IP address) else what should i do ?
2) Do i need to key in DNS under fortigate,network to our MAIN SERVER DNS IP and DOMAIN NAME as i already enable override internel DNS from WAN1 interface or need to fill in as the above info 203.99.131.10 and 207.99.131.249 ?Which DNS IP i should fill in ? (because this fortigate is for branch usage located oversea ,just for two or three people)
3) Do i need to create DDNS for my fortigate 60D in order to able remote access/VPN from other country or just above IP address 172.17.0.50 will do ?
Thank you so much for you all
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi,
and welcome to the forums.
Your setup is a bit different from the obvious in that
- your ISP assigns a private IP address (RFC1918)
- your FGT will be the second router in the setup
- the FGT will have nothing to do with PPPoE at all
That is to say:
1- what your FGT will see as the WAN is 192.168.1.x/24, with gateway 192.168.1.1. The wan1 port should be in that range, e.g. 192.168.1.2/24. Just a static IP address, no PPPoE, no DHCP. Consequently, no 'override DNS' or 'obtain default gateway'.
This is called a transfer network. It is only used to connect the FGT to the ISP router.
You need to create a static route as default route, destination '0.0.0.0/0', interface 'wan1', gateway '192.168.1.1'.
The choice of internal address range is up to you EXCEPT for 192.168.1.x/24. I would choose something like 192.168.101.0/24, with .1 assigned to the 'internal' port/switch.
That of course leads to the DHCP server on 'internal' shelling out a range like 192.168.101.[20-100] with netmask /24 (= 255.255.255.0).
In the DHCP settings, specify either your ISP's DNS addresses (less elegant), or the FGT's internal address .101.1 in combination with a DNS on 'internal' which forwards to 'System DNS'. 'System DNS' of course is your ISP's DNS addresses.
Notice that in WAN facing policies you do not need to enable NAT. In fact you should not.
3- the DDNS thing is difficult, as you only get a private IP address from your ISP, assigned to the Cisco router, which cannot be addressed directly. At the moment, I'd say you cannot reach the router (nor the FGT) remotely. Workarounds:
- create a dial-out VPN from FGT to your management network
- make a Teamviewer session from an internal PC which has a browser running for administration from the 'internal' port
I hope you get started with this. Feel free to post additional questions if unclear.
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ede, thank you so much for replied, no quite understand for the DNS setting FGT's internal address .101.1 in combination with a DNS on 'internal' so i should fill in 203.99.131.10 and 207.99.131.249 which i saw in cisco ?
2) Why should not need to enable NAT in order to get to the internet ?
3) When i create VPN autokey from my main site ,the REMOTE GATEWAY can i config as STATIC (172.17.0.50) ? in order to make connection between FORTIGATE ? Any solution to make work because the main purpose is VPN access shared folder to Main office, so can i make site to site connection using this static IP 172.17.0.50 ?
4) Or should i get the public accessible address from ISP example : 172.17.0.50/29
Labels
-
FortiGate
10,637 -
FortiClient
2,167 -
FortiManager
892 -
5.2
687 -
FortiAnalyzer
682 -
5.4
638 -
FortiSwitch
588 -
FortiClient EMS
565 -
FortiAP
562 -
IPsec
422 -
6.0
416 -
SSL-VPN
384 -
FortiMail
372 -
5.6
362 -
FortiNAC
287 -
FortiWeb
252 -
6.2
251 -
FortiAuthenticator v5.5
234 -
SD-WAN
197 -
FortiAuthenticator
178 -
FortiGuard
160 -
5.0
152 -
Firewall policy
145 -
FortiGate-VM
134 -
6.4
128 -
FortiCloud Products
116 -
FortiSIEM
113 -
FortiToken
113 -
FortiGateCloud
112 -
Wireless Controller
95 -
Customer Service
88 -
High Availability
86 -
FortiProxy
78 -
ZTNA
76 -
Routing
75 -
Fortivoice
73 -
SAML
73 -
DNS
71 -
VLAN
71 -
BGP
70 -
FortiEDR
69 -
FortiADC
68 -
Authentication
68 -
Certificate
66 -
RADIUS
61 -
LDAP
60 -
FortiLink
56 -
SSO
54 -
NAT
54 -
FortiSandbox
53 -
FortiExtender
52 -
4.0MR3
49 -
vdom
47 -
Interface
46 -
Application control
46 -
FortiDNS
43 -
Logging
41 -
Virtual IP
41 -
FortiGate v5.4
38 -
FortiSwitch v6.4
38 -
FortiPAM
37 -
SSL SSH inspection
36 -
FortiConnect
35 -
Web profile
35 -
Automation
33 -
FortiWAN
31 -
FortiConverter
30 -
FortiGate v5.2
27 -
Traffic shaping
26 -
API
26 -
Static route
26 -
SNMP
25 -
SSID
25 -
FortiSwitch v6.2
23 -
FortiPortal
23 -
FortiGate Cloud
23 -
System settings
22 -
WAN optimization
21 -
FortiMonitor
20 -
OSPF
20 -
Security profile
19 -
Web rating
19 -
FortiSoar
18 -
Web application firewall profile
18 -
IP address management - IPAM
18 -
FortiGate v5.0
16 -
FortiDDoS
16 -
Explicit proxy
16 -
FortiAP profile
16 -
Admin
15 -
IPS signature
15 -
Proxy policy
15 -
Intrusion prevention
15 -
FortiCASB
14 -
NAC policy
14 -
FortiManager v4.0
13 -
DNS filter
13 -
FortiManager v5.0
12 -
FortiDeceptor
12 -
users
12 -
Traffic shaping policy
12 -
Fabric connector
12 -
Port policy
12 -
FortiBridge
11 -
FortiRecorder
11 -
FortiAnalyzer v5.0
10 -
FortiWeb v5.0
10 -
Trunk
10 -
Traffic shaping profile
10 -
Authentication rule and scheme
10 -
Fortinet Engage Partner Program
10 -
FortiGate v4.0 MR3
9 -
RMA Information and Announcements
9 -
Antivirus profile
9 -
FortiCache
8 -
FortiToken Cloud
8 -
4.0
7 -
4.0MR2
7 -
Packet capture
7 -
Application signature
7 -
VoIP profile
7 -
Vulnerability Management
7 -
FortiScan
6 -
FortiCarrier
5 -
FortiNDR
5 -
FortiTester
5 -
DLP profile
5 -
DLP sensor
5 -
DoS policy
5 -
Email filter profile
5 -
Protocol option
5 -
TACACS
5 -
Cloud Management Security
5 -
3.6
4 -
FortiDirector
4 -
Internet service database
4 -
DLP Dictionary
4 -
Netflow
4 -
Replacement messages
4 -
SDN connector
4 -
Service
4 -
Multicast routing
4 -
FortiDB
3 -
FortiHypervisor
3 -
FortiAI
3 -
Kerberos
3 -
File filter
3 -
Multicast policy
3 -
FortiEdge Cloud
3 -
FortiInsight
2 -
Video Filter
2 -
Schedule
2 -
ICAP profile
2 -
Zone
2 -
Lacework
2 -
FortiGuest
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
FortiSASE
1 -
Virtual wire pair
1 -
FortiEdge
1 -
FortiAIOps
1
Top Kudoed Authors
| User | Count |
|---|---|
| 2609 | |
| 1390 | |
| 804 | |
| 664 | |
| 455 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.