Advice me what's the best way to connect fortigate to the internet of my home ADSL modem passing by cisco router ? i mean i configure dynamic or static NAT? or PAT ? or default static route from my fortigate to the adsl modem and configure default static route from my adsl to the fortigate ?or other methode ?
A possible best option is to eliminate the cisco router upstream and let the FGT take the internet connection directly from a modem so that the FGT can do VIP/DNAT for out-to-in traffic toward the server in DMZ. Otherwise it's Cisco that needs to do at least out-to-in NAT.
FGT's NAT is unidirectional and in-to-out and out-to-in NAT are independent. It would complicate things if there are two devices doing NAT. So if you left the Cisco in place, you would have to do all NAT at the Cisco.
before I added the router I let the FortiGate access to the internet and i configure a policy to let the lan and DMZ access to the internet also but now i add the router and if I configure NAT in router to permit the network 192.168.2.x/24(network between the router and firewall) I will not configure NAT also in router to the LAN and DMZ networks because i configured them in fortigate right ?
If you're talking about only in-to-out direction and if you set up SNAT for internal subnets, the Cisco sees only 192.168.2.x on the FGT interface. But if I were to add a router in front to a FGT, I wouldn't do NAT at all on the FGT. Instead expose those internal subnets to the Cisco so that the Cisco can NAT all of them.
@Toshi_Esumii configure PAT in the router to allow the fortigate access to the internet and it's work but when i try now to acccess it from my browzer by http i can't , i try to access it with the outside interface of the router but i can't and also i try with the fortigate outside interface i can't
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.