Created on 05-01-2024 12:13 PM Edited on 05-01-2024 12:20 PM
Hello everybody, wanted to post up here to see if I can get some help with a new FortiGate 40F initial setup. I'm very much a novice when it comes to firewalls and overall setting up a network. I'm actually the parts guy for the body shop I work for, anyways... Hiring an IT company to do this for us isn't something the owner is wanting to spend money on, but I do feel this is something I can do no problem with a little guidance.
To lay everything out:
We have two AT&T U-Verse "business level" internet connections both using Arris modems, that I'm wanting to setup a WAN failover for, I've created the SD-WAN Zone and added both of my WANs too. I then created a Performance SLA for best path, as well as a SD-WAN rule for using the best link between both WANs. Then topping it off with setting up a static route for the SD-WAN.
I have the main ISP modem going into the WAN port on the 40F, and then I've setup Port 3 as the secondary WAN port for the second ISP modem. Both modems I do have access to through a GUI, and both are broadcasting DHCP and DNS.
(I want to mention the second ISP modem is actually for the IP Camera system on site, but I feel it could be utilized for a WAN failover too. So I'd like to use it as such.)
On the first WAN I've gone into the ISP modem and changed the DHCP range to 192.168.10.x to make sure it doesn't interfere with the FortiGate. (I'm guessing I need to disable DHCP and DNS within both ISP modems, and do a (What's my IP) search to see what my addresses are for both ISP connections are, and use that info to setup the WAN port on the 40F?
Beyond that I've modified my LAN section in the 40F, changing the IP address for accessing the 40F GUI to 10.0.2.1/24. Enabling only, HTTPS, PING, and SSH under admin access. And setting up the DHCP Server to use the 10.0.2.x range. Device detection and STP are both enabled.
Both WAN settings are setup similar at the moment to one another, addressing mode is manual, HTTPS, SSH, and PING only things enabled as well. (I've tried both using DHCP and manual in addressing mode. While in DHCP mode both WANs get an IP and show connected. When I try to enter the static info from both ISP connections I don't get anything. Once again I assume this has to do with the fact that both ISP Arris modems are setup for DHCP?)
My physical hardware is so; x2 AT&T Arris modems -> 40F WAN1/2 -> Ubiquity 24 Port Switch -> Workstations/APs
I also have a server running XCP-NG with a Windows Server 2022 Standard VM that I've setup for DHCP, DNS, FSMO roles, and file sharing that I want to eventually get into the mix. But I feel I just need to get the FortiGate 40F configured properly first.
It's pretty simple setup, we're not even using a punch down panel, CAT5e from the switch directly to the devices. So, not sure what else I'm missing...
What do I need to do to get internet access and network to my workstations through the FortiGate 40F?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
What I've heard was.... for AT&T U-Verse they install Arris BGW210 or 320. And those supports "bridge mode" so that the public IP the modem/router pulls can be bridged to your router/FW, in your case FG40F. I would do that first. Then you don't have to worry about its FW features the router/modem has, which might get in the way.
But otherwise, you're pretty much thinking all over what you need to consider. Are you really a parts guy at the shop as your primary role? Sounds like you're way beyond an IT guy at a small org.
Toshi
Toshi, thanks for the response.
So the primary ISP modem is a NVG599 and the secondary ISP modem is a BGW210.
If I can at least get the NVG599 passing the public IP through to the 40F, I can worry about getting WAN2 with the BGW210 working later. So I'm guessing I still need to look into bridge mode for the NVG599 then? How do I go about doing so within the 40F?
And I'm going to take your last comment as a compliment :) I do a lot of reading, trial, and error for myself before I start asking questions.
With NVG599 and even with BGW210, there seems to be another way called "IP passthrough", which accomplish the same with bridge mode.
https://www.reddit.com/r/HomeNetworking/comments/imqapv/bgw210700_or_nvg599_which_is_easier_to_bridg...
With this all you nedd to set up on the 40F side is to enable DHCP on the interface so that it would pull one of public IPs the circuit offer.
Also their support should be able to tell what you need to set up at the modem if you explain you want the router behind it to pull a public IP.
Toshi
Thank you very much for your help.
Created on 05-30-2024 07:26 AM
Just wanted to give an update to this thread to close it out as solved. My configuration above that I posted was all correct, and what I was missing was putting both AT&T modems into IP Passthrough mode, once I did that internet started working on my network.
Thanks for all the help.
I've configured the SD-WAN zone, added both WAN connections, created a performance SLA, and set up an SD-WAN rule for best path. When I test the failover by disconnecting the primary ISP modem, the traffic doesn't seem to automatically switch over to the secondary ISP modem. I've double-checked my online maths tutor uk configurations, and everything seems to be in order.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.