Unlock Exclusive Benefits
Join Our Community Today!
Join our Community and post in the forum to earn your exclusive badge; celebrating 3 years of the Fortinet Community!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- RE: Switch to INterface Mode and Internet Access
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Switch to INterface Mode and Internet Access
Ok, I am new to the Fortinet series of FW and I just installed a 60C. It has been a challenge and I have a few questions.
1. I am trying to switch to the Interface Mode that will allow me to assign individual subnets to each port. I have reset the 60C to all of the defaults but when I try to switch out of the Switch mode I always get an error that says " Entry in Used" . I had read on this forum to delete the DHCP associated with the interface and delete the policy for the interface. When I did this I got a connection error and could not log onto the 60C at all so I had to reset again. What are the steps to setup a default 60C to the interfce mode from the reset system defaults?
2. I am getting very spotty internet access. It seems like only one machine can connect to the internet at one time. I am getting a DHCP from my ISP but no luck getting out on all the machines. It appears that all the machines on the wired side are getting the correct IP addresses but cannot get out. I see the firewall rule set that allows all to go out. Is there an incoming rule that needs to be set?
Thanks in advance,
Greg H.
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
- « Previous
-
- 1
- 2
- Next »
13 REPLIES 13
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Found it, Google.
This is driving me crazy. I have no sophisticated setup and right now all that I want to do is to access the internet.
The WAN1 network is set to DHCP and is getting the correct information and the DNS server addresses. I have the router behind my current router so that I can get it setup because I have to have internet access for the family while I am configuring it.
It appears that the router is getting something as my maintenace information is showing up correctly in the status widdow unless this was put into the router when I purchased it. I cannot get out to the internet when I press the LogIn button on the maintenance screen though.
I have added my less expensive CheckPoint Z100G router hooked up in the same fashion as the Fortigate, via a switch to the main router, and it works flawlesly without even changing any settings. I can access the internet through wireless or wired.
When I connect to the Fortigate via a wired or wireless connection I get the infamous Windows 7 setting of " Unidentified Network" I am getting the correct DHCP address from the Fortinet 60C in either wired or wireless but cannot get out ot the internet.
The firewall rules are set for each interface to allow all to go to the WAN1 interface. I do not have any incoming rules set at this point.
Any other thoughts?
Thanks in advance,
Greg H.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
to get you up and running:
Using DHCP on the wan1 port should give you
- the DNS address
- a valid IP
- a default route / a gateway
If you don' t see a default route pointing to your DHCP server (the other router), in Route>Monitor, then you have to add it manually - this depends on how you set up the DHCP options in the other router:
dest=0.0.0.0/0
gateway=192.168.168.168
I can understand that you are a bit frustrated setting the FG up. IMHO you made your life more difficult than necessary:
- you have no experience with Fortigates, nor with firewall appliances in general. But you assume they are as easy to setup as a simple DSL router.
- you haven' t read the docs. If I had no idea about an appliance I would read at least the introduction and a sample setup.
Why do people assume that a high sophisticated security device is best installed with no prior knowledge, and handbooks are for whimps?? I' ll never get that.
Get the docs at http://docs.fortinet.com
Step-by-step example e.g. in the FortiOS Handbook for 4.00MR2, pp. 289 " Small Office Network Protection" . You can leave out the parts you don' t need.
- you setup a major network device while not being able to interrupt live traffic. What you are configuring now will have limited use once you' ve eliminated the old router. So you start over again, at least to a certain part.
No you can' t setup a router/firewall without some network downtime. Only magicians can.
- you look for help on a Sunday. This is probably the least busy day on the Forums.
Nevertheless, with some reading and understanding of the basic concepts you should be able to get your network connected.
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The gateway is the next hop router, not your own. Change that to interface address on the Fortigate, not the ISPs address. For WAN1 that is taken care of. Make sure all policies facing the Internet have NAT enabled.
For troubleshooting, try a simple PING to 8.8.8.8. If PING works and browsing does not your problems is 100% DNS. If PING does not, try a traceroute and see how far you get before it blows up. Just because IE fails doesn' t mean the Internet is down... Also, the static route is redundant. Get rid of it.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Bob,
Thank you very much for your post. As it turns out I discovered this last night and got the FW working with just the changes that you said to do. Critical oversight on my part.
I have all of my interfaces configured now and it appears that all computers etc. are are receiving the correct IP addresses. Before I take my Sonicwall NSA 240 out of service I am going to make sure that all is working well and I get the UTM set up correctly for my needs.
Greg
- « Previous
-
- 1
- 2
- Next »
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Labels
-
FortiGate
8,621 -
FortiClient
1,741 -
5.2
801 -
FortiManager
720 -
5.4
639 -
FortiAnalyzer
552 -
FortiSwitch
470 -
FortiAP
464 -
FortiClient EMS
421 -
6.0
416 -
5.6
362 -
FortiMail
315 -
6.2
251 -
SSL-VPN
236 -
FortiAuthenticator v5.5
234 -
Fortiweb
205 -
IPsec
203 -
5.0
196 -
FortiNAC
186 -
FortiGuard
139 -
6.4
128 -
SD-WAN
113 -
FortiGateCloud
102 -
FortiSIEM
99 -
FortiCloud Products
96 -
FortiAuthenticator
95 -
FortiToken
89 -
Customer Service
79 -
Firewall policy
78 -
Wireless Controller
77 -
4.0MR3
64 -
FortiProxy
59 -
High Availability
56 -
Fortivoice
53 -
FortiADC
53 -
FortiEDR
51 -
vlan
51 -
ZTNA
48 -
FortiExtender
45 -
FortiSandbox
44 -
Routing
44 -
FortiDNS
42 -
DNS
42 -
LDAP
41 -
BGP
40 -
Authentication
37 -
SAML
36 -
FortiGate v5.4
35 -
NAT
35 -
FortiSwitch v6.4
34 -
Certificate
34 -
RADIUS
32 -
SSO
31 -
Interface
31 -
FortiLink
29 -
FortiConnect
28 -
VDOM
28 -
FortiWAN
27 -
Web profile
26 -
FortiConverter
25 -
Application control
25 -
FortiGate v5.2
24 -
Logging
24 -
SSL SSH inspection
23 -
FortiPAM
22 -
Virtual IP
22 -
Fortigate Cloud
20 -
FortiSwitch v6.2
19 -
FortiPortal
19 -
FortiMonitor
18 -
Traffic shaping
17 -
WAN optimization
16 -
FortiDDoS
15 -
OSPF
15 -
SSID
15 -
FortiGate v5.0
14 -
FortiSOAR
14 -
Automation
14 -
Static route
14 -
System settings
14 -
IP address management - IPAM
14 -
SNMP
13 -
FortiCASB
12 -
Admin
12 -
Web application firewall profile
12 -
FortiManager v5.0
11 -
FortiRecorder
11 -
FortiManager v4.0
10 -
IPS signature
10 -
Security profile
10 -
FortiAP profile
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
FortiBridge
9 -
Traffic shaping policy
9 -
Proxy policy
9 -
Intrusion prevention
9 -
FortiDeceptor
8 -
RMA Information and Announcements
8 -
Port policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
DNS filter
7 -
Antivirus profile
7 -
Fabric connector
7 -
Explicit proxy
6 -
trunk
6 -
Packet capture
6 -
Traffic shaping profile
6 -
Web rating
6 -
Fortinet Engage Partner Program
6 -
FortiGate-VM
5 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
Cloud Management Security
4 -
FortiDB
3 -
FortiHypervisor
3 -
API
3 -
FortiNDR
3 -
NAC policy
3 -
Authentication rule and scheme
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Protocol option
3 -
SDN connector
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
TACACS
2 -
Schedule
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1 -
Multicast policy
1 -
Vulnerability Management
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1688 | |
| 1087 | |
| 752 | |
| 446 | |
| 227 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.