Hi all,
Actually, I'm testing my new FortiGate 60F, and for the test I have this configuration:
modem -> oldFirewall (wan ip 10.0.0.10; lan 20.0.0.1) -> fortigate (wan ip 20.0.0.10; lan 192.168.10.1)
I can connect to FortiClient, but actually I cannot ping any device in the same subnet as the WAN connection (for example, I cannot ping the 20.0.0.20-254 devices).
Can someone help me with which setting lets clients reach all devices, including the devices connected to the old firewall?
Many thanks in advance.
Hi
Add the following firewall policy:
Then connect to SSL VPN again and it should work.
Many thanks in advance... just one more question. I'm trying to set the policy but I can't find the WAN option.
Can you help me?
If I understand what you mean, you need to create an address object by clicking the "+ Create" button shown on your screenshot, then create an address object (let's call it "s-wan1") of type subnet with the value 20.0.0.0/24.
Many many many thanks.
It works... just one more question.
If I have some machines with static IPs 30.0.0.10, 30.0.0.20, etc., but I don't have any LAN or WAN on that subnet, how can I reach them in FortiClient? I tried adding the policy as you suggested to me before, but I cannot reach them. These devices are just static devices which I can reach by adding the gateway 30.0.0.1 on my laptop.
Is there a way to reach them by connecting them to the FortiGate? Many thanks again for your help.
Do you mean that these devices are not directly behind FortiGate but are behind another router which is connected to FortiGate? In other words do you mean FortiGate doesn't have any interface with address 30.0.0.x/24?
Are you using public IP addresses on your network (20.x.x.x, 30.x.x.x)? If this is the case then this is wrong; you have to use private addresses instead.
I have this situation:
modem -> router -> fortigate (not lan dhcp server until now) -> switch1
some machines with static IP (30.0.0.10, etc., /24) -> switch1
How can I reach the machines with static IP and gateway 30.0.0.1? Do I need to add a LAN interface on the FortiGate?
So you mean switch1 is L3 and the IP 30.0.0.1 is owned by that switch, right?
If this is the case then you have two choices: