Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
daddo
New Contributor

FortiGate Configuration with ISP Router HELP

Hello everybody I'm new here and a noobie and I have difficulties figuring out how to configure my FortiGate. In exact words how to configure my "wan" and "internal" interfaces. FortiGate Address is 192.168.1.99,  my local Network is 192.168.64.x and my router is my gateway with the address 192.168.64.1. The ISP IP Address is 212.186.186.150 and the computer from which I'm testing has the IP 192.168.1.100. The configuration should be like Internet--Router -- FortiGate - local Network. Everything I've tried I can't get it to work. What should be settings on "wan" and "Internal" interfaces? I get an access to the internet from 192.168.1.100 but I don't have the access to the  it from outside (RDP). Because the  traffic from outside comes to the router first, it should pass all the traffic to the FortiGate behind. How should i do that?

Sorry I know there are a lot of question but I really need help.

Thank you. 

5 REPLIES 5
Toshi_Esumi
Esteemed Contributor II

If you're really new and need to configure it right away without enough time to read around the handbook, and other materials, the best way is to search below keywords with your favorite search engine, which would provide you links to various FortiOS versions of Fortinet cookbook. Then choose the link of your version. In your case, just disable NAT at the policy creation page since your ISP's router is doing NAT.

The keywords are "fortinet cookbook installing fortigate in nat/route mode"

ede_pfau
Esteemed Contributor III

Cascading routers is never a good idea. Nevertheless it works with some twiddling.

What you could try first is to forward ALL traffic from the ISP router to the FGT, sometimes called "exposed host". In this way the public IP address is handed down to the FGT WAN port which is necessary for FortiGuard updates, VPN etc.

If you cannot configure the ISP router then 192.168.64.0/24 becomes your "transfer network" in which only 2 addresses are used: .1 for the router and .2 for the FGT WAN port. The LAN behind the FGT needs to have a different address range, like 192.168.22.0/24. The FGT can serve as the DNS, DHCP server and NTP server for your LAN.

You will find all of this (the basics) in the FortiOS Handbook, to be found on docs.fortinet.com. I personally don't like the videos from FTNT as 1- they are running like in fast-forward and 2- they don't tell you the why, just the how for this one special case. As no network is identical it's easy to miss the point.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
rwpatterson
Valued Contributor III

If the handoff from your ISP is RJ-45, chuck their router and put the FGT at the edge.

 

Just sayin'...

 

I'm a FiOS consumer. Chucked their Actiontec router before it even left the box.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

ede_pfau
Esteemed Contributor III

Just watch out if the connection is a PPPoE link... a desktop model FGT will max out at ~ 130 Mbps while a cheap router can handle 1 Gbps. The FGT hardware just doesn't account for this protocol.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
twayta
New Contributor

Hello, did you find the solution please?