Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
pchoud
New Contributor

Created on ‎01-24-2022 10:59 PM

Wifi Router connect to Fortigate 61F (Active-passive) cluster

I  have wifi network in my office , Wifi Router connected Directly to ISP Modem for internet. Now i want to connect 2 Firewall(Active-Passive) between Wifi Router & ISP Modem. how i can i connect & configure to access internet & keep my wifi network secured .

Labels:
2118
0 Kudos
3 REPLIES 3
AlexC-FTNT
Staff
Staff

Created on ‎01-24-2022 11:29 PM

If you are asking about physical connections, take a look at this example:

https://docs.fortinet.com/document/fortigate/6.2.10/cookbook/900885/ha-active-passive-cluster-setup

You need a WAN switch in addition to the LAN switch, or use separate VLANS for the traffic, thus making the switch a single point of failure for both LAN and WAN. 


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
2084
0 Kudos
pchoud
New Contributor

Created on ‎01-25-2022 01:29 AM

1)you means  we can Use  manage switch from WAN ports of both Fortigates .  Also use same manage switch to connect WAN Port of ISP modem. Right?

2)Wifi Router WAN Port configure IP 192.168.51.1/24 connect to Port2 of Fortigate 192.168.51.2/24 . Wifi Router LAN IP =192.168.50.0/24 DHCP ON

In Policy NAT enable so wifi users can access internet.

2) We have Linksys LAN switch to connect Port 1 of both fortigate to manage redundancy. 

Port 1 IP=192.168.52.254/24 DHCP ON . Linksys Switch configure with Vlan1=192.168.52.1/24. Default route toward toward 192.168.51.254.  In Fortigate Policy from LAN to WAN , NAT Enabled.

3)Default route on Fortigate is toward WAN IP . 

 

Can you please help to verify that Wifi & LAN connectivity is config is good to go ?. Thanks in advance :)

2079
0 Kudos
AlexC-FTNT
Staff
Staff
In response to pchoud

Created on ‎01-25-2022 02:03 AM

1)you means  we can Use  manage switch from WAN ports of both Fortigates .  Also use same manage switch to connect WAN Port of ISP modem. Right?

>> I don't understand this question.

2) 3) - Your explanations are not clear. Try to write without google translate. You need to know how your ISP router is working. Does it do NAT or is only a modem (bridge mode)? If there is NAT performed in this router, it makes no sense to have the same subnets in both LAN and WAN. Then if the router is in bridge mode, there is no  logic to have the IP addressing on this router
Here is an image that may help you:

AlexCFTNT_0-1643104999397.png

 


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
2074
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.