- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Novice Needing Help Setting Up FortiGate 40F v7.2....
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Novice Needing Help Setting Up FortiGate 40F v7.2.7 build 1577
Hello everybody, wanted to post up here to see if I can get some help with a new FortiGate 40F initial setup. I'm very much a novice when it comes to firewalls and overall setting up a network. I'm actually the parts guy for the body shop I work for, anyways... Hiring an IT company to do this for us isn't something the owner is wanting to spend money on, but I do feel this is something I can do no problem with a little guidance.
To lay everything out:
We have two AT&T U-Verse "business level" internet connections both using Arris modems, that I'm wanting to setup a WAN failover for, I've created the SD-WAN Zone and added both of my WANs too. I then created a Performance SLA for best path, as well as a SD-WAN rule for using the best link between both WANs. Then topping it off with setting up a static route for the SD-WAN.
I have the main ISP modem going into the WAN port on the 40F, and then I've setup Port 3 as the secondary WAN port for the second ISP modem. Both modems I do have access to through a GUI, and both are broadcasting DHCP and DNS.
(I want to mention the second ISP modem is actually for the IP Camera system on site, but I feel it could be utilized for a WAN failover too. So I'd like to use it as such.)
On the first WAN I've gone into the ISP modem and changed the DHCP range to 192.168.10.x to make sure it doesn't interfere with the FortiGate. (I'm guessing I need to disable DHCP and DNS within both ISP modems, and do a (What's my IP) search to see what my addresses are for both ISP connections are, and use that info to setup the WAN port on the 40F?
Beyond that I've modified my LAN section in the 40F, changing the IP address for accessing the 40F GUI to 10.0.2.1/24. Enabling only, HTTPS, PING, and SSH under admin access. And setting up the DHCP Server to use the 10.0.2.x range. Device detection and STP are both enabled.
Both WAN settings are setup similar at the moment to one another, addressing mode is manual, HTTPS, SSH, and PING only things enabled as well. (I've tried both using DHCP and manual in addressing mode. While in DHCP mode both WANs get an IP and show connected. When I try to enter the static info from both ISP connections I don't get anything. Once again I assume this has to do with the fact that both ISP Arris modems are setup for DHCP?)
My physical hardware is so; x2 AT&T Arris modems -> 40F WAN1/2 -> Ubiquity 24 Port Switch -> Workstations/APs
I also have a server running XCP-NG with a Windows Server 2022 Standard VM that I've setup for DHCP, DNS, FSMO roles, and file sharing that I want to eventually get into the mix. But I feel I just need to get the FortiGate 40F configured properly first.
It's pretty simple setup, we're not even using a punch down panel, CAT5e from the switch directly to the devices. So, not sure what else I'm missing...
What do I need to do to get internet access and network to my workstations through the FortiGate 40F?
Labels:
- Labels:
-
FortiGate
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What I've heard was.... for AT&T U-Verse they install Arris BGW210 or 320. And those supports "bridge mode" so that the public IP the modem/router pulls can be bridged to your router/FW, in your case FG40F. I would do that first. Then you don't have to worry about its FW features the router/modem has, which might get in the way.
But otherwise, you're pretty much thinking all over what you need to consider. Are you really a parts guy at the shop as your primary role? Sounds like you're way beyond an IT guy at a small org.
Toshi
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Toshi, thanks for the response.
So the primary ISP modem is a NVG599 and the secondary ISP modem is a BGW210.
If I can at least get the NVG599 passing the public IP through to the 40F, I can worry about getting WAN2 with the BGW210 working later. So I'm guessing I still need to look into bridge mode for the NVG599 then? How do I go about doing so within the 40F?
And I'm going to take your last comment as a compliment :) I do a lot of reading, trial, and error for myself before I start asking questions.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
With NVG599 and even with BGW210, there seems to be another way called "IP passthrough", which accomplish the same with bridge mode.
https://www.reddit.com/r/HomeNetworking/comments/imqapv/bgw210700_or_nvg599_which_is_easier_to_bridg...
With this all you nedd to set up on the 40F side is to enable DHCP on the interface so that it would pull one of public IPs the circuit offer.
Also their support should be able to tell what you need to set up at the modem if you explain you want the router behind it to pull a public IP.
Toshi
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you very much for your help.
Related Posts
- Webfilter license won't work despite having... 98 Views
- security settings in fortigate 66 Views
- How how can I limit the... 282 Views
- VPN L2TP on Fortigate 60F behind... 144 Views
- Basic ZTNA Design / Functionality Questions... 134 Views
Labels
-
FortiGate
6,739 -
FortiClient
1,341 -
5.2
801 -
5.4
639 -
FortiManager
580 -
FortiAnalyzer
425 -
6.0
416 -
5.6
362 -
FortiSwitch
345 -
FortiAP
344 -
FortiClient EMS
274 -
FortiMail
262 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
160 -
6.4
128 -
FortiNAC
110 -
FortiGuard
108 -
FortiSIEM
92 -
FortiGateCloud
88 -
FortiCloud Products
85 -
IPsec
83 -
FortiToken
73 -
Customer Service
70 -
SSL-VPN
68 -
4.0MR3
64 -
Wireless Controller
62 -
FortiProxy
47 -
FortiADC
44 -
FortiEDR
41 -
Fortivoice
41 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
33 -
FortiSandbox
32 -
SD-WAN
31 -
FortiSwitch v6.4
30 -
Firewall policy
30 -
High Availability
24 -
FortiConnect
24 -
FortiAuthenticator
22 -
VLAN
22 -
FortiWAN
22 -
FortiConverter
21 -
ZTNA
20 -
FortiPortal
18 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
Certificate
16 -
FortiMonitor
14 -
SAML
14 -
Interface
14 -
Logging
14 -
BGP
13 -
DNS
13 -
FortiGate v5.0
13 -
FortiDDoS
13 -
LDAP
12 -
Routing
12 -
FortiCASB
12 -
VDOM
12 -
fortilink
11 -
RADIUS
10 -
Virtual IP
10 -
FortiRecorder
10 -
FortiWeb v5.0
9 -
Authentication
9 -
SSL SSH inspection
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
SSID
8 -
Traffic shaping
8 -
SSO
8 -
Application control
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
Fortigate Cloud
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
FortiBridge
6 -
SNMP
6 -
Web profile
6 -
Proxy policy
5 -
Traffic shaping policy
5 -
FortiAP profile
5 -
Web application firewall profile
5 -
FortiTester
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
IPS signature
4 -
Packet capture
4 -
Antivirus profile
4 -
Automation
4 -
WAN optimization
4 -
DNS Filter
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Port policy
4 -
FortiToken Cloud
3 -
DoS policy
3 -
Email filter profile
3 -
Web rating
3 -
Intrusion prevention
3 -
FortiDB
3 -
trunk
3 -
FortiDeceptor
2 -
System settings
2 -
FortiInsight
2 -
NAC policy
2 -
Fortinet Engage Partner Program
2 -
Users
2 -
Traffic shaping profile
2 -
FortiPAM
2 -
VoIP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Protocol option
2 -
4.0MR1
1 -
TACACS
1 -
Replacement messages
1 -
Subscription Renewal Policy
1 -
Schedule
1 -
FortiCWP
1 -
FortiNDR
1 -
SDN connector
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
Fabric connector
1 -
Multicast routing
1 -
Explicit proxy
1 -
Zone
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.