Advice me what's the best way to connect fortigate to the internet of my home ADSL modem passing by cisco router ? i mean i configure dynamic or static NAT? or PAT ? or default static route from my fortigate to the adsl modem and configure default static route from my adsl to the fortigate ?or other methode ?
A possible best option is to eliminate the cisco router upstream and let the FGT take the internet connection directly from a modem so that the FGT can do VIP/DNAT for out-to-in traffic toward the server in DMZ. Otherwise it's Cisco that needs to do at least out-to-in NAT.
FGT's NAT is unidirectional and in-to-out and out-to-in NAT are independent. It would complicate things if there are two devices doing NAT. So if you left the Cisco in place, you would have to do all NAT at the Cisco.
Toshi
thanks, @Toshi_Esumi for your response
before I added the router I let the FortiGate access to the internet and i configure a policy to let the lan and DMZ access to the internet also but now i add the router and if I configure NAT in router to permit the network 192.168.2.x/24(network between the router and firewall) I will not configure NAT also in router to the LAN and DMZ networks because i configured them in fortigate right ?
If you're talking about only in-to-out direction and if you set up SNAT for internal subnets, the Cisco sees only 192.168.2.x on the FGT interface.
But if I were to add a router in front to a FGT, I wouldn't do NAT at all on the FGT. Instead expose those internal subnets to the Cisco so that the Cisco can NAT all of them.
Toshi
In companies what's the method that they did , they put the router before the fortigate or after ?
Completely depending on the purpose/reason why the router needs to be in the network while another router, FGT, is in place, which you haven't explained.
Toshi
@Toshi_Esumi i configure PAT in the router to allow the fortigate access to the internet and it's work but when i try now to acccess it from my browzer by http i can't , i try to access it with the outside interface of the router but i can't and also i try with the fortigate outside interface i can't
Try sniffing traffic at the FGT while try accessing the cisco GUI. As long as it goes out from the interface connected to Cisco, the problem is not on the FGT side.
User | Count |
---|---|
2675 | |
1410 | |
810 | |
702 | |
455 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.