FortiGate 100A Configuration

Posted on 2013-01-20
Last Modified: 2013-01-23

I need assistance setting up and configuring a network for a remote site. It's a lot of information so bare with me. This site works independently and will not be on my already established network, decision by upper management. I ordered enterprise internet service from the local ISP. The provided me with a modem and 16 static IP addresses. Since upper management didnt want to spend any funding for network devices, I am forced to use a Fortigate 100A firewall/router that has been sitting on a shelf and a couple of Netgear switches. The remote site  has about 20 users. The site has a web server, FTP server, and a couple of other servers that they would like to access from outside of the network.  Here is the problem I am facing:

I have a Fortigate 100A firewall/router that I am using, but I having issues getting to the Internet from inside the firewall and I am not able to contact any devices on the internal from outside of the firewall. Here is the setup:

The ISP provided 16 static IP address:  
66.x.x.36 - 66.x.x.51    Mask:     Gateway 66.x.x.1

Internal IP addresses: (DHCP)

I have the Fortigate setup with the following config:
Outside interface - 66.x.x.36  gateway 66.x.x.1
Inside interface -     gateway 66.x.x.36
Firewall policy - allow ANY to and from 66.x.x.36
allow ANY to and from

The internal interface on the Fortigate connects to a Netgear switch that has all devices in the site connected to it. I have the DHCP server setup to dish out addresses ( and the workstations are getting the address and are able to get out to the internet. The web server and FTP have static internal address not in the DHCP scope and they are not able to get to the internet. I am able to connect to these devices on the internal network but not from the outside. I am not sure what I am doing wrong. I would like for the web server and FTP server to have an external static address (66.x.x.40 and 66.x.x.41).

How do I need to setup this network so that all devices on the internal interface receive a address and be able to access the internet. How do I get the web server and FTP server be able to access the internet internally and be able to be accessed from outside the network?

I am not sure if I am doing something wrong on the Fortigate or is my routing wrong?
Question by:rweaver313
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
LVL 10

Expert Comment

ID: 38799692
I'm confused.  You list a gateway on the internal interface.  The Fortigate doesn't have a setting for that that I have ever seen and devices on your network use the FG's address as the gateway.  In other words your internal network gateway is
LVL 10

Accepted Solution

joelsplace earned 500 total points
ID: 38799694
Under the router section/static route you need one line that is GW 66.x.x.1
and a second line
This is easy to miss.
LVL 10

Expert Comment

ID: 38799700
Forgot:  Line one needs Device set to wan1 or whatever your external interface is named and line 2 needs Device "whatever local interface is named"
Are You Ransomware's Next Victim?

Worried about ransomware attacks hitting your organization?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with WatchGuard Total Security!


Author Comment

ID: 38799763
Yes, the gateway for the internal network is

On the second line am I using 66.x.x.1 as the gateway also?
LVL 10

Expert Comment

ID: 38799767
On mine the GW is but it doesn't allow you to change it and it only shows up when you click edit.
LVL 10

Expert Comment

ID: 38799769
The one I'm looking at is an 80 not a 100.

Author Comment

ID: 38799786
I will give it a try see what happens. Thanks!

Author Comment

ID: 38811583
I was able to get it to work with only one static route 66.x.x.1.
LVL 10

Expert Comment

ID: 38811744
I'm guessing yours was completely missing?
Glad it's working.

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to configure this in fortinet firewall 2 105
Diagnosing Ethernet network problems on Windows 2012 R2? 3 114
SSL-VPN 1 90
How to change ESXi 6.5 NIC E1000 to vmxnet3 9 86
When posting a question about a Cisco ASA, Cisco Router or Cisco Switch, it can aid diagnosis if a suitably sanitised copy of the config is provided. It is much better to leave as much of the configuration as original as possible, as it could be tha…
Before I go to far, let's explain HA (High Availability) and why you should consider it.  High availability is the mechanism used to provide redundancy to any service at the same site and appears as a single service to the users of that service.  As…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question