Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Summer Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiData
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- Need to create static route or not in PPPOE connec...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Need to create static route or not in PPPOE connection in order to get to the internet ?
Hi everyone,
I'm new to the FORTIGATE.....
I got cisco WRVS4400N (ISP gateway) directly connected to internet by CAT 5 cable which the connection type is PPPOE ,it got static ip example 172.17.0.50/255.255.255.255 because i off and on cisco the WAN IP remain unchanged, default gateway 111.68.12.200 and DNS1 and 2 which is 203.99.131.10 and 207.99.131.249 and the LAN IP 192.168.1.1and the username(test) and password(blank) (which can be see when log in to the cisco and WAN IP obviously one only subnet mask = 255.255.255.255 ).
Now i want to add my Fortigate 60D to the cisco WRVS4400N, i put the WAN1 addressing mode to PPPOE and key in the related username, password, enable retrieve gateway from server and override internal dns. The policy all have being set to allow OUT. The WAN1 is connected to the WRVS4400N Ethernet port, will disable the DHCP server in CISCO since will assign DHCP server from FORTIGATE 60D internel interface.
Question
1) Do i need to create static route which destination=0.0.0.0/0.0.0.0, Interface=WAN1, gateway=111.68.12.200 ? (actually i run through many cookbook and thread, pppoe is dynamic even i have static IP address) else what should i do ?
2) Do i need to key in DNS under fortigate,network to our MAIN SERVER DNS IP and DOMAIN NAME as i already enable override internel DNS from WAN1 interface or need to fill in as the above info 203.99.131.10 and 207.99.131.249 ?Which DNS IP i should fill in ? (because this fortigate is for branch usage located oversea ,just for two or three people)
3) Do i need to create DDNS for my fortigate 60D in order to able remote access/VPN from other country or just above IP address 172.17.0.50 will do ?
Thank you so much for you all
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi,
and welcome to the forums.
Your setup is a bit different from the obvious in that
- your ISP assigns a private IP address (RFC1918)
- your FGT will be the second router in the setup
- the FGT will have nothing to do with PPPoE at all
That is to say:
1- what your FGT will see as the WAN is 192.168.1.x/24, with gateway 192.168.1.1. The wan1 port should be in that range, e.g. 192.168.1.2/24. Just a static IP address, no PPPoE, no DHCP. Consequently, no 'override DNS' or 'obtain default gateway'.
This is called a transfer network. It is only used to connect the FGT to the ISP router.
You need to create a static route as default route, destination '0.0.0.0/0', interface 'wan1', gateway '192.168.1.1'.
The choice of internal address range is up to you EXCEPT for 192.168.1.x/24. I would choose something like 192.168.101.0/24, with .1 assigned to the 'internal' port/switch.
That of course leads to the DHCP server on 'internal' shelling out a range like 192.168.101.[20-100] with netmask /24 (= 255.255.255.0).
In the DHCP settings, specify either your ISP's DNS addresses (less elegant), or the FGT's internal address .101.1 in combination with a DNS on 'internal' which forwards to 'System DNS'. 'System DNS' of course is your ISP's DNS addresses.
Notice that in WAN facing policies you do not need to enable NAT. In fact you should not.
3- the DDNS thing is difficult, as you only get a private IP address from your ISP, assigned to the Cisco router, which cannot be addressed directly. At the moment, I'd say you cannot reach the router (nor the FGT) remotely. Workarounds:
- create a dial-out VPN from FGT to your management network
- make a Teamviewer session from an internal PC which has a browser running for administration from the 'internal' port
I hope you get started with this. Feel free to post additional questions if unclear.
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ede, thank you so much for replied, no quite understand for the DNS setting FGT's internal address .101.1 in combination with a DNS on 'internal' so i should fill in 203.99.131.10 and 207.99.131.249 which i saw in cisco ?
2) Why should not need to enable NAT in order to get to the internet ?
3) When i create VPN autokey from my main site ,the REMOTE GATEWAY can i config as STATIC (172.17.0.50) ? in order to make connection between FORTIGATE ? Any solution to make work because the main purpose is VPN access shared folder to Main office, so can i make site to site connection using this static IP 172.17.0.50 ?
4) Or should i get the public accessible address from ISP example : 172.17.0.50/29
Labels
-
FortiGate
10,521 -
FortiClient
2,137 -
FortiManager
886 -
5.2
687 -
FortiAnalyzer
675 -
5.4
638 -
FortiSwitch
581 -
FortiAP
558 -
FortiClient EMS
552 -
6.0
416 -
IPsec
412 -
SSL-VPN
373 -
FortiMail
371 -
5.6
362 -
FortiNAC
278 -
FortiWeb
252 -
6.2
251 -
FortiAuthenticator v5.5
234 -
SD-WAN
191 -
FortiAuthenticator
169 -
FortiGuard
159 -
5.0
152 -
Firewall policy
142 -
6.4
128 -
FortiGate-VM
127 -
FortiCloud Products
116 -
FortiSIEM
112 -
FortiGateCloud
112 -
FortiToken
110 -
Wireless Controller
95 -
Customer Service
88 -
High Availability
83 -
FortiProxy
77 -
ZTNA
75 -
Routing
73 -
SAML
71 -
DNS
71 -
VLAN
70 -
Fortivoice
69 -
FortiEDR
68 -
FortiADC
67 -
BGP
67 -
Authentication
66 -
Certificate
64 -
RADIUS
59 -
LDAP
58 -
SSO
54 -
fortilink
54 -
FortiSandbox
53 -
NAT
52 -
FortiExtender
51 -
4.0MR3
49 -
VDOM
44 -
Application control
44 -
FortiDNS
43 -
Interface
43 -
Logging
40 -
Virtual IP
39 -
FortiGate v5.4
38 -
FortiSwitch v6.4
38 -
FortiPAM
35 -
SSL SSH inspection
35 -
Web profile
35 -
FortiConnect
34 -
Automation
32 -
FortiWAN
31 -
FortiConverter
30 -
FortiGate v5.2
27 -
Traffic shaping
26 -
SNMP
25 -
SSID
25 -
Static route
25 -
API
24 -
FortiSwitch v6.2
23 -
FortiPortal
23 -
FortiGate Cloud
23 -
System settings
22 -
OSPF
20 -
WAN optimization
20 -
FortiMonitor
19 -
Security profile
19 -
Web application firewall profile
18 -
IP address management - IPAM
18 -
FortiSoar
17 -
Web rating
17 -
FortiGate v5.0
16 -
FortiDDoS
16 -
FortiAP profile
16 -
Explicit proxy
15 -
Admin
15 -
Proxy policy
15 -
FortiCASB
14 -
IPS signature
14 -
Intrusion prevention
14 -
FortiManager v4.0
13 -
DNS filter
13 -
FortiManager v5.0
12 -
NAC policy
12 -
Traffic shaping policy
12 -
Fabric connector
12 -
Port policy
12 -
FortiRecorder
11 -
Users
11 -
FortiDeceptor
10 -
FortiAnalyzer v5.0
10 -
FortiWeb v5.0
10 -
FortiBridge
10 -
Trunk
10 -
Traffic shaping profile
10 -
Authentication rule and scheme
10 -
Fortinet Engage Partner Program
10 -
FortiGate v4.0 MR3
9 -
RMA Information and Announcements
9 -
Antivirus profile
9 -
FortiCache
8 -
FortiToken Cloud
8 -
4.0
7 -
4.0MR2
7 -
Packet capture
7 -
Application signature
7 -
VoIP profile
7 -
Vulnerability Management
7 -
FortiScan
6 -
FortiCarrier
5 -
FortiNDR
5 -
FortiTester
5 -
DLP profile
5 -
DLP sensor
5 -
DoS policy
5 -
Email filter profile
5 -
Protocol option
5 -
Cloud Management Security
5 -
3.6
4 -
FortiDirector
4 -
Internet service database
4 -
DLP Dictionary
4 -
Netflow
4 -
TACACS
4 -
Replacement messages
4 -
SDN connector
4 -
Service
4 -
Multicast routing
4 -
FortiDB
3 -
FortiHypervisor
3 -
Kerberos
3 -
File filter
3 -
Multicast policy
3 -
FortiInsight
2 -
FortiAI
2 -
Video Filter
2 -
Schedule
2 -
ICAP profile
2 -
Zone
2 -
lacework
2 -
FortiEdge Cloud
2 -
FortiGuest
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
FortiSASE
1 -
Virtual wire pair
1 -
FortiEdge
1 -
FortiAIOps
1
Top Kudoed Authors
| User | Count |
|---|---|
| 2554 | |
| 1356 | |
| 795 | |
| 647 | |
| 455 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.