Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
papapuff
New Contributor II

Created on ‎07-10-2023 07:29 AM Edited on ‎07-10-2023 07:07 PM

Newbie to fortigate - setup multiple port and give limited internet connection

hello there.

need help please.


I've setup fortigate fg-60F.

each port has their own setting (act as interface).


we have 2 internet provider. WAN1 is pppoe, WAN2 is dhcp from internet building.

we've setup:

1) int2 (port no.2),

have IP 1.0.0.10.

netmask 255.255.255.0

dhcp off

2) int3,

have ip 1.0.1.10.

netmask 255.255.255.0.

dhcp off

3) int4,

have ip 192.168.100.100

dhcp on


purpose:

* int2 for LAN1,

- only work local (intranet).

- can communicate with int3

- can't access internet


* int3 for LAN2,

can communicate with LAN1.

can access internet, and will use WAN1


* int4 for internet only (for public),

- can access internet use wan2

- can't communicate with any other port


on fortigate, already created policy:

1) firewall policy 1

source: int2

ip: 1.0.0.0/24

destination: int3

ip: 1.0.1.0/24

services: all

antivirus : enable

others securities: disable


2) firewall policy 2

source:int3

ip: 1.0.1.0/24

destination:int2

ip: 1.0.0.0/24

services: all

antivirus : enable

others securities: disable


3) firewall policy 3

source:int3

ip: 1.0.1.0/24

destination:wan1

ip: all

services: all


4) firewall policy 4

source: int4

ip: 192.168.100.0/24

destination:wan2

ip: all

services: all


5) policy route 1:
incoming interface: int3
source: (blank)
destination: (all blank)
protocol: any
forward traffic : wan1
gateway addresS: 0.0.0.0

5) policy route 2:
incoming interface: int4
source: (blank)
destination: (all blank)
protocol: any
forward traffic : wan2
gateway addresS: 0.0.0.0

 

here the problem:

- device under int3, can communicate with int2, but can't access internet.

- Ethernet on device under int3, has following setting:

IP : 1.0.1.12

netmask: 255.255.255.0

gateway: 1.0.1.10

dns server: (dns given by ISP wan1)


kindly please need help.

thank you

Labels:
1382
11 REPLIES 11
papapuff
New Contributor II
In response to Dan_Eng52

Created on ‎07-11-2023 06:20 PM Edited on ‎07-11-2023 06:48 PM

good question.am I missed to setting this one?

any advice for setting static route?

 

as I described,

wan1 -> pppoe. this connection have dynamic ip public.

wan2 -> dhcp from internet building management.

 

another questions, future we want to add another internet provider with static ip public.

looking advice for another setting for this internet provider.

thank you

 

thanks in advance

231
0 Kudos
Dan_Eng52
Contributor
In response to papapuff

Created on ‎07-12-2023 02:50 AM

Hi Papapuff, 

 

I hope you're well. 

 

For your PPPoE interface, once you've configured the interface settings you will want to setup your static route gateway address to "Dynamic" so it will retrieve the gateway being sent via ISP. For your WAN2 interface, you can use the static route configuration that I previously posted whereby you manually specify your default gateway. 

 

PPPoE.png

Static public IP is no problem, in the WAN interface settings just select Manual for the addressing mode and enter the details provided by your ISP. Note, you will need to change the static route to the provided gateway IP. 

 

WAN Static.png

 

Hope that makes sense. 

 

Regards, 

Dan. 

 

218
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.