Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Holiday badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiGuest
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPhish
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiVoice
- FortiToken
- FortiWAN
- FortiWeb
- Lacework
- FortiAppSec Cloud
- RMA Information and Announcements
- Wireless Controller
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- putting wireless router on dmz
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Not applicable
Created on 11-23-2007 12:56 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
putting wireless router on dmz
I know you should always try something before asking, but I am not on site yet.
I have a new FG60B going in on a network this weekend.
internal interface is 192.168.0.99
DHCP enabled on my FG60 Internal interface.
We have some wireless laptops we want to access the internet but nothing else.
We have an d-ling DI-624 wireless router, I wanted to put on the DMZ port of my FG60B.
network/interface/dmz enabled but no values assigned.
Any assistance greatly appreciated to get ths going.
21 REPLIES 21
Not applicable
Created on 01-29-2008 12:49 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No joy.
I think I know what the issue is.
The router I am using is basically your average home-use type Linksys router. Mine. Wanted to make sure I could get this to work before I actually purchase a router for the office.
I set the Def GW for the router, but there is no way for me to set the Def GW for the Lnksys DHCP server.
These are my choices under DHCP:
Local DHCP Server: Enable, Disable
Starting Addy
# of addys
Lease time.
WINS
That' s it.
So I need a REAL router. Need to use the Def #' s. Or need to set the FGT to do all this as mentioned at the top of this thread. Sound right?
Not applicable
Created on 01-29-2008 02:00 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Well, wait... the OP is using a DI-614. That' s the same kind of router.
Tried Eric' s method, too. Laptop connects with LIMITED OR NO CONNECTIVITY and a 169.254.. address.
- Configure a seperate network segment on the DMZ like 172.16.0.1/24
What is the /24 at the end of that? I used .1.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The DI-614 is a very good router. I have a DI-604, and am very happy with it. I do see your issue though. It forces itself to be the gateway. The only other way which may complicate things a bit, would be to turn on DHCP on the DMZ interface (or just hard code the two IP addresses!), and plug the WAN port of the DI-614 into that. This way, the DI-614 will think it' s connected to your ISP, and there will be an interim route betwen your Fotrtigate and the DI. Make sure that the DHCP on the DMZ port is not the same subnet as the one on the inside port of the DI. This should work with a small bit of complictaion due to the new hop in between the two.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
the /24 is the subnet mask. 255.255.255.0
Rackmount your Fortinet --> http://www.rackmount.it/fortirack
Rackmount your Fortinet --> http://www.rackmount.it/fortirack
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Forgot to mention that. Doh!
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Not applicable
Created on 01-30-2008 12:52 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Really feeling like an idiot here.
I am trying to set it up as Eric said.
This is all correct, yes??
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Looks 100% to me. Make sure that the D-link is in that same subnet, but outside the range of DHCP address leases.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Not applicable
Created on 01-31-2008 09:24 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the help everyone. Really appreciate it.
I don' t know why I didn' t think of this earlier:
Hey, let' s remove the LINKSYS (not a D-Link fellaz) and plug right in to the DMZ and see if it works.
It does, just fine.
So I' ll take my Linksys home and just buy a WAP for the office.
Anyone have a favorite WAP? Y' all link the D-links, eh?
So I' ll take my Linksys home and just buy a WAP for the office.
Anyone have a favorite WAP? Y' all link the D-links, eh?
Not applicable
Created on 02-06-2008 02:53 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is what I am doing, and it works (most from Eric)
Key thing is it does not appear to work with WEP, so I set it to WPA.
Configure a seperate network segment on the DMZ like 172.16.0.1/24 disable DHCP on the wireless router.
Enable DHCP on the DMZ port. range 172.16.0.20 - 172.16.0.99. Gateway and DNS server 172.16.0.1
Enable DNS forwarding from DMZ
Add fw rule from DMZ to Wan1.
configure the services you want to allow and attach protection profile.
Ensure that the policy from the DMZ to external has NAT enabled.
If you allow anybody to access your access point with no security it would seriously recommend to have strict protection profile and disallow SMTP.
Plug Wireless internal network to the DMZ port on the FORTIGATE.
**NOTES Feb 6/08
It seems to work best for the route to be set to WPA or better.
I have found WEP does not work properly.
Not applicable
Created on 02-07-2008 06:31 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I got a Dlink WAP. Plugged it into the DMZ. I was online in less then 5 minutes with WPA encryption. Didn' t try WEP.
So all my problems were from that router.
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Labels
-
FortiGate
8,789 -
FortiClient
1,786 -
5.2
801 -
FortiManager
741 -
5.4
639 -
FortiAnalyzer
566 -
FortiSwitch
481 -
FortiAP
475 -
FortiClient EMS
438 -
6.0
416 -
5.6
362 -
FortiMail
324 -
SSL-VPN
254 -
6.2
251 -
FortiAuthenticator v5.5
234 -
IPsec
215 -
FortiWeb
210 -
5.0
196 -
FortiNAC
194 -
FortiGuard
139 -
6.4
128 -
SD-WAN
118 -
FortiAuthenticator
109 -
FortiGateCloud
102 -
FortiSIEM
100 -
FortiCloud Products
98 -
FortiToken
92 -
Firewall policy
86 -
Wireless Controller
81 -
Customer Service
80 -
4.0MR3
64 -
FortiProxy
61 -
High Availability
58 -
Fortivoice
57 -
FortiADC
54 -
VLAN
53 -
FortiEDR
52 -
ZTNA
50 -
Routing
49 -
FortiExtender
45 -
DNS
45 -
FortiSandbox
44 -
FortiDNS
42 -
LDAP
42 -
BGP
40 -
Authentication
39 -
RADIUS
36 -
NAT
36 -
Certificate
36 -
FortiGate v5.4
35 -
SAML
35 -
FortiSwitch v6.4
34 -
SSO
33 -
Interface
31 -
FortiConnect
30 -
VDOM
30 -
FortiLink
29 -
FortiWAN
27 -
Application control
27 -
Web profile
27 -
Virtual IP
26 -
FortiConverter
25 -
Logging
25 -
FortiGate v5.2
24 -
SSL SSH inspection
23 -
FortiGate-VM
22 -
FortiPAM
22 -
FortiSwitch v6.2
19 -
FortiPortal
19 -
Fortigate Cloud
19 -
FortiMonitor
18 -
Traffic shaping
17 -
OSPF
16 -
SSID
16 -
Automation
16 -
WAN optimization
16 -
FortiDDoS
15 -
System settings
15 -
FortiGate v5.0
14 -
FortiSOAR
14 -
Static route
14 -
Web application firewall profile
14 -
IP address management - IPAM
14 -
SNMP
13 -
Admin
13 -
FortiCASB
12 -
FortiManager v5.0
11 -
FortiRecorder
11 -
IPS signature
11 -
Security profile
11 -
Proxy policy
11 -
FortiManager v4.0
10 -
FortiBridge
10 -
FortiAP profile
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
Traffic shaping policy
9 -
Intrusion prevention
9 -
FortiDeceptor
8 -
RMA Information and Announcements
8 -
Port policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
DNS filter
7 -
Antivirus profile
7 -
Fabric connector
7 -
Web rating
7 -
Fortinet Engage Partner Program
7 -
FortiToken Cloud
6 -
Explicit proxy
6 -
API
6 -
trunk
6 -
Packet capture
6 -
Traffic shaping profile
6 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
Authentication rule and scheme
4 -
DLP sensor
4 -
Netflow
4 -
TACACS
4 -
Replacement messages
4 -
Service
4 -
Cloud Management Security
4 -
FortiDB
3 -
FortiHypervisor
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Protocol option
3 -
SDN connector
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Schedule
2 -
Multicast policy
2 -
Zone
2 -
Vulnerability Management
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1742 | |
| 1112 | |
| 759 | |
| 447 | |
| 241 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.