Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Mr-Tarek
New Contributor II

Created on ‎04-03-2023 12:21 PM

new setup - enlighten me plz !

hello everyone

I was tasked with adding Fortigate into my network
I am planning on going ISP-> fortigate (in nat/router mode) -> Mikrotik router (ccr2004-16G-2s+)-> endpoints
the thing is i have 2 different DHCP with different subnet , one for computers and the other Unifi system
what is the best way to setup the firewall ?

i can post the setup of my router
thank you

Labels:
968
0 Kudos
8 REPLIES 8
adambomb1219
SuperUser
SuperUser

Created on ‎04-03-2023 02:39 PM

Why keep the Mikrotik at all?  You should just move all routing/layer3 to the FortiGate and eliminate the other router.   

959
Mr-Tarek
New Contributor II
In response to adambomb1219

Created on ‎04-03-2023 02:53 PM Edited on ‎04-03-2023 03:01 PM

might do this later if the client accepts ..but for now i want to add the fortigate without any drastic changes or costs ( router has all the vlaning , filtering , etc

was thinking about creating 2 lans ,each on a different port on fortigate ..

953
0 Kudos
adambomb1219
SuperUser
SuperUser
In response to Mr-Tarek

Created on ‎04-04-2023 05:58 AM

How about FortiGate in Transparent mode then?

924
gfleming
Staff
Staff

Created on ‎04-03-2023 08:53 PM

What's doing your DHCP today? Why does it have to change?

 

If you're keeping routing on the Mikrotik then just use the Firewall as a WAN/Edge device doing security and traffic processing to/from the WAN.

 

If you want to move the VLANs to the FortiGate so it can do DHCP why not then just let it be the router too?

Cheers,
Graham
938
0 Kudos
Mr-Tarek
New Contributor II
In response to gfleming

Created on ‎04-04-2023 01:46 AM

1- is there an easy way to move my mikrotik config to fortigate?

2- how to use the fortigate as wan and edge device ? ( i have several subnet on the mikrotik ) : should i put the fortigate lan as the mikrotik router subnet then add the other subnets as routes ?

928
0 Kudos
gfleming
Staff
Staff
In response to Mr-Tarek

Created on ‎04-04-2023 08:33 AM

1. There's no 'easy' way but it's not exactly difficult to create interfaces/VLANs on the FortiGate and then create policies allowing traffic between those. Or if you aren't restricting east/west traffic you could put them all into a Zone which means you do not need policies to allow traffic.

 

2. You are already planning to use the FortiGate as a WAN edge device. This is your original design/plan. Your WAN edge device can communicate to downstream devices using a transit network to another L3 device (Mikrotik in this case) or it can host all of the VLANs/segments.

 

To simplify things your FortiGate can definitely take on the role of the Mikrotik router today. But if you aren't sure how to configure it you can also just create a transit network to route between the WAN on the FortiGate and the VLANs on the Mikrotik until you get more comfortable with the FOritGate config.

 

Cheers,
Graham
907
Mr-Tarek
New Contributor II

Created on ‎04-05-2023 01:03 AM

so i ended using fortigate as an edge firewall , responsible for natting ..and router all 0.0.0.0 to the fortigate .. it works for now 

i am now looking to give internet from the firewall to a different device that is divided from the original network , can a LAN2 be created ? or i should simply add a different IP to port2 per example ?

880
0 Kudos
gfleming
Staff
Staff
In response to Mr-Tarek

Created on ‎04-05-2023 08:49 AM

This device is not connected to the Mikrotik router? If not then yes you could create a new interface on the FortiGate. You can use any empty port for this purpose. You can call it LAN2 if you want or anything really. Just give it an IP address and create the FW policies to allow the traffic and you should be good to go.

Cheers,
Graham
874
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.