Solved

FortiGate 100A Configuration

Posted on 2013-01-20
9
990 Views
Last Modified: 2013-01-23
Hello,

I need assistance setting up and configuring a network for a remote site. It's a lot of information so bare with me. This site works independently and will not be on my already established network, decision by upper management. I ordered enterprise internet service from the local ISP. The provided me with a modem and 16 static IP addresses. Since upper management didnt want to spend any funding for network devices, I am forced to use a Fortigate 100A firewall/router that has been sitting on a shelf and a couple of Netgear switches. The remote site  has about 20 users. The site has a web server, FTP server, and a couple of other servers that they would like to access from outside of the network.  Here is the problem I am facing:

I have a Fortigate 100A firewall/router that I am using, but I having issues getting to the Internet from inside the firewall and I am not able to contact any devices on the internal from outside of the firewall. Here is the setup:

The ISP provided 16 static IP address:  
66.x.x.36 - 66.x.x.51    Mask: 255.255.255.0     Gateway 66.x.x.1

Internal IP addresses: (DHCP)
10.0.0.0/24

I have the Fortigate setup with the following config:
Outside interface - 66.x.x.36  gateway 66.x.x.1
Inside interface - 10.0.0.1     gateway 66.x.x.36
Firewall policy - allow ANY to and from 66.x.x.36
allow ANY to and from 10.0.0.0

The internal interface on the Fortigate connects to a Netgear switch that has all devices in the site connected to it. I have the DHCP server setup to dish out addresses (10.0.0.0) and the workstations are getting the address and are able to get out to the internet. The web server and FTP have static internal address not in the DHCP scope and they are not able to get to the internet. I am able to connect to these devices on the internal network but not from the outside. I am not sure what I am doing wrong. I would like for the web server and FTP server to have an external static address (66.x.x.40 and 66.x.x.41).

How do I need to setup this network so that all devices on the internal interface receive a 10.0.0.0 address and be able to access the internet. How do I get the web server and FTP server be able to access the internet internally and be able to be accessed from outside the network?

I am not sure if I am doing something wrong on the Fortigate or is my routing wrong?
0
Comment
Question by:rweaver313
  • 6
  • 3
9 Comments
 
LVL 10

Expert Comment

by:joelsplace
ID: 38799692
I'm confused.  You list a gateway on the internal interface.  The Fortigate doesn't have a setting for that that I have ever seen and devices on your network use the FG's address as the gateway.  In other words your internal network gateway is 10.0.0.1
0
 
LVL 10

Accepted Solution

by:
joelsplace earned 500 total points
ID: 38799694
Under the router section/static route you need one line that is 0.0.0.0/0.0.0.0 GW 66.x.x.1
and a second line 10.0.0.0/255.255.255.0
This is easy to miss.
0
 
LVL 10

Expert Comment

by:joelsplace
ID: 38799700
Forgot:  Line one needs Device set to wan1 or whatever your external interface is named and line 2 needs Device "whatever local interface is named"
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:rweaver313
ID: 38799763
Yes, the gateway for the internal network is 10.0.0.1

On the second line 10.0.0.0/255.255.255.0 am I using 66.x.x.1 as the gateway also?
0
 
LVL 10

Expert Comment

by:joelsplace
ID: 38799767
On mine the GW is 0.0.0.0 but it doesn't allow you to change it and it only shows up when you click edit.
0
 
LVL 10

Expert Comment

by:joelsplace
ID: 38799769
The one I'm looking at is an 80 not a 100.
0
 

Author Comment

by:rweaver313
ID: 38799786
I will give it a try see what happens. Thanks!
0
 

Author Comment

by:rweaver313
ID: 38811583
I was able to get it to work with only one static route 0.0.0.0/0.0.0.0 66.x.x.1.
0
 
LVL 10

Expert Comment

by:joelsplace
ID: 38811744
I'm guessing yours was completely missing?
Glad it's working.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When posting a question about a Cisco ASA, Cisco Router or Cisco Switch, it can aid diagnosis if a suitably sanitised copy of the config is provided. It is much better to leave as much of the configuration as original as possible, as it could be tha…
This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question