[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Dual Wan Fortgate setup for SBS 2008

Posted on 2011-09-12
6
Medium Priority
?
1,335 Views
Last Modified: 2012-06-27
Can anyone share a working setup for a Fortigate (60C-80C)  (FortiOS 4 MR2) for an SBS 2008 server.
Especially to make the firewall accept SMTP traffic (25) on both Wan Interfaces?
When using only one Wan you can use a VIP (Virtual IP) to forward all traffic on port 25 to the server but you can do this only once per port.
There is an example on Fortigates knowledge base but this assumes a seperate SMTP server in the DMZ.
Can it be done without the DMZ? Any examples?

http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD31240&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=23603459&stateId=0%200%2023605076

I have made all the ISP side changes with 2x diffrently weighted MX (and corresponding A records) pointing at the correct Permanent IP addresses on Wan1 and Wan2?

Any suggestions would be appreciated.

Olaf
0
Comment
Question by:Olaf De Ceuster
  • 3
  • 3
6 Comments
 
LVL 4

Expert Comment

by:iworks-uworks
ID: 36530590
In the VIP rule you must specify the external WAN IP for each rule:

NAME: SMTP_WAN1
Internaface: WAN1
External IP: x.x.x.x
Internal IP: 192.168.0.2
Port: 25 ->25

NAME: SMTP_WAN2
Internaface: WAN2
External IP: y.y.y.y
Internal IP: 192.168.0.2
Port: 25 ->25

Let me know if you have any problems with that.
0
 
LVL 22

Author Comment

by:Olaf De Ceuster
ID: 36532783
Thank you iworks,

Tried that already.
Seems the fortigate only lets me make one VIP per port.
Wan1 with forward 25-25 no problem
Wan2 : Duplicate entry found.
Olaf
0
 
LVL 4

Accepted Solution

by:
iworks-uworks earned 2000 total points
ID: 36533144
Olafdc,
Please refer to the picture I've attached. You need to make sure you specify the EXTERNAL IP address for both VIPs. Don't leave it at 0.0.0.0, put in the actual external IP and it should work like the picture I've attached. Carefully review the IP addresses and Ports. DualWan-port25
0
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

 
LVL 22

Author Comment

by:Olaf De Ceuster
ID: 36534019
Already been down that path. No Go...duplicate entry.
Might update firmware and try again.
Will let you know.
Thank you heaps so far.
Olaf
0
 
LVL 4

Expert Comment

by:iworks-uworks
ID: 36534027
What firmware are using on what box? Can you post a screen shot of your first VIP with the external IP blurred or changed and also what you have entered for the 2nd rule before you hit OK and get the error message?
0
 
LVL 22

Author Comment

by:Olaf De Ceuster
ID: 36534312
Update to: v4.0,build5840,110715 (MR2) did the trick.
Two instances on port 25 allowed. Yeeaah.
Was starting to doubt myself.
Thanks heaps for your help.
Olaf
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month20 days, 11 hours left to enroll

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question