Switch to INterface Mode and Internet Access

GregH · ‎11-26-2010

Ok, I am new to the Fortinet series of FW and I just installed a 60C. It has been a challenge and I have a few questions. 1. I am trying to switch to the Interface Mode that will allow me to assign individual subnets to each port. I have reset the 60C to all of the defaults but when I try to switch out of the Switch mode I always get an error that says " Entry in Used" . I had read on this forum to delete the DHCP associated with the interface and delete the policy for the interface. When I did this I got a connection error and could not log onto the 60C at all so I had to reset again. What are the steps to setup a default 60C to the interfce mode from the reset system defaults? 2. I am getting very spotty internet access. It seems like only one machine can connect to the internet at one time. I am getting a DHCP from my ISP but no luck getting out on all the machines. It appears that all the machines on the wired side are getting the correct IP addresses but cannot get out. I see the firewall rule set that allows all to go out. Is there an incoming rule that needs to be set? Thanks in advance, Greg H.

Fullmoon · ‎11-27-2010

ORIGINAL: 1. I am trying to switch to the Interface Mode that will allow me to assign individual subnets to each port. I have reset the 60C to all of the defaults but when I try to switch out of the Switch mode I always get an error that says " Entry in Used" . I had read on this forum to delete the DHCP associated with the interface and delete the policy for the interface. When I did this I got a connection error and could not log onto the 60C at all so I had to reset again. What are the steps to setup a default 60C to the interfce mode from the reset system defaults? 2. I am getting very spotty internet access. It seems like only one machine can connect to the internet at one time. I am getting a DHCP from my ISP but no luck getting out on all the machines. It appears that all the machines on the wired side are getting the correct IP addresses but cannot get out. I see the firewall rule set that allows all to go out. Is there an incoming rule that needs to be set?

For question #1 have you tried to delete the addresses for each interfaces can be found under Address?have you tried to delete the static routings under Router?have your tried to delete the policies under FW Policy?if you cleared that portions switch again to interface mode For question # 2 How do you define your policies for internet access?Do you enabled NAT for each policies from Internal-WAN1/2?

Fortigate Newbie

GregH · ‎11-27-2010

I finally got the unit switched to interface mode and have set up each ainterface and added in the DHPC server asociated with each interface. However, I still cannot get out to the internet. For the meantime I added back in my old router and put the 60C behind it. The 60C is connected from the WAN port to a LAN port and it is receiving the WAN information ok. I am confused now as to what needs to be added to the 60C to get out to the internet. I have the default route added that according to the documentation will sent everything out to the gateway. Is there anything else that needs to be added? Thanks, GregH

Fullmoon · ‎11-27-2010

In order to have internet connection on fortigate unit see to it you have proper External Addresses (IP Address, SM, DGW, DNS) 1. Define Addresses under Network Interfaces plus its Subnet Mask (WAN1 or WAN2) 2. Define Default Gateway under Static Routes 3. Add DNS under Network Options 4. Add policies from Internal-Internet under Fw Policy Source Int/Zone=Internal Source Address=your local network (ex 192.168.0.0/24) Desti Int/Zone=WAN1 (w/c port facing your internet connection) Desti Add= All Schedule=always Services=Any Action=Accept NAT=Enabled If you defined the ff go to System=>Dashboard=Status=>CLI Console type the ff execute ping (your public gateway or public dns), to test for internet connection type exe ping www.yahoo.com to verify whether your firewall able to connect directly to internet.

Fortigate Newbie

GregH · ‎11-28-2010

I think that I addeed in all that you said and I still cannot get the internet. I have attached some screen shot of my settings. I put the 60C behind my current router so that I could play with the settings without toasting the whole network. I cannot break and acquire a new address from my ISP unless I call them. Everyone needs the internet so if I can get out to the internet with this setup I can change as required when I take the other router out. Could not fit all of the screen shots on one gif file so I have to send three more replies with the screen shots. Sorry. GregH

Fullmoon · ‎11-28-2010

since your internet was DHCP, kindly remove the static routes you created and for DNS use 8.8.8.8 and try again

Fortigate Newbie

GregH · ‎11-28-2010

Next Screen Shot

GregH · ‎11-28-2010

Next screen shot

GregH · ‎11-28-2010

Next screen shot

GregH · ‎11-28-2010

Did not appear to work. What is a DNS of 8.8.8.8?

Switch to INterface Mode and Internet Access

Nominate a Forum Post for Knowledge Article Creation