Hello there.
I need help, please.
I've set up a FortiGate FG-60F.
Each port has its own settings (acts as an interface).
We have 2 internet providers. WAN1 is PPPoE, WAN2 is DHCP from the internet building.
We've set up:
1) int2 (port no. 2),
has IP 1.0.0.10,
netmask 255.255.255.0,
DHCP off
2) int3,
has IP 1.0.1.10,
netmask 255.255.255.0,
DHCP off
3) int4,
has IP 192.168.100.100,
DHCP on
Purpose:
* int2 for LAN1,
- only works locally (intranet)
- can communicate with int3
- can't access the internet
* int3 for LAN2,
- can communicate with LAN1
- can access the internet, and will use WAN1
* int4 for internet only (for public),
- can access the internet using WAN2
- can't communicate with any other port
On the FortiGate, I already created these policies:
1) firewall policy 1
source: int2
ip: 1.0.0.0/24
destination: int3
ip: 1.0.1.0/24
services: all
antivirus: enable
other securities: disable
2) firewall policy 2
source: int3
ip: 1.0.1.0/24
destination: int2
ip: 1.0.0.0/24
services: all
antivirus: enable
other securities: disable
3) firewall policy 3
source: int3
ip: 1.0.1.0/24
destination: wan1
ip: all
services: all
4) firewall policy 4
source: int4
ip: 192.168.100.0/24
destination: wan2
ip: all
services: all
5) policy route 1:
incoming interface: int3
source: (blank)
destination: (all blank)
protocol: any
forward traffic: wan1
gateway address: 0.0.0.0
6) policy route 2:
incoming interface: int4
source: (blank)
destination: (all blank)
protocol: any
forward traffic: wan2
gateway address: 0.0.0.0
Here is the problem:
- A device under int3 can communicate with int2, but can't access the internet.
- Ethernet on the device under int3 has the following settings:
IP: 1.0.1.12
netmask: 255.255.255.0
gateway: 1.0.1.10
DNS server: (DNS given by ISP WAN1)
Kindly need help, please.
Thank you
Created on 07-11-2023 06:20 PM Edited on 07-11-2023 06:48 PM
Good question. Did I miss setting this one?
Any advice for setting a static route?
As I described,
wan1 -> PPPoE. This connection has a dynamic public IP.
wan2 -> DHCP from internet building management.
Another question: in the future we want to add another internet provider with a static public IP.
Looking for advice on the settings for this internet provider.
Thank you
Thanks in advance
Hi Papapuff,
I hope you're well.
For your PPPoE interface, once you've configured the interface settings you will want to set up your static route gateway address as "Dynamic" so it will retrieve the gateway being sent via the ISP. For your WAN2 interface, you can use the static route configuration that I previously posted whereby you manually specify your default gateway.
Static public IP is no problem, in the WAN interface settings just select Manual for the addressing mode and enter the details provided by your ISP. Note, you will need to change the static route to the provided gateway IP.
Hope that makes sense.
Regards,
Dan.
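The two default routes described in the reply above, written as FortiOS CLI. This is an added example, not part of the original thread. The entry IDs 1 and 2 are assumptions, and `<WAN2_GATEWAY_IP>` is a placeholder for the gateway address supplied by building management, which the thread does not give.

```fortios
config router static
    edit 1
        # Default route out wan1 (PPPoE): gateway is learned from the ISP
        set dst 0.0.0.0 0.0.0.0
        set device "wan1"
        set dynamic-gateway enable
    next
    edit 2
        # Default route out wan2: gateway entered manually (placeholder value)
        set dst 0.0.0.0 0.0.0.0
        set device "wan2"
        set gateway <WAN2_GATEWAY_IP>
    next
end
```

After applying, `get router info routing-table all` shows whether both default routes were installed.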