Solved

FortiGate 100A Configuration

Posted on 2013-01-20
9
985 Views
Last Modified: 2013-01-23
Hello,

I need assistance setting up and configuring a network for a remote site. It's a lot of information so bare with me. This site works independently and will not be on my already established network, decision by upper management. I ordered enterprise internet service from the local ISP. The provided me with a modem and 16 static IP addresses. Since upper management didnt want to spend any funding for network devices, I am forced to use a Fortigate 100A firewall/router that has been sitting on a shelf and a couple of Netgear switches. The remote site  has about 20 users. The site has a web server, FTP server, and a couple of other servers that they would like to access from outside of the network.  Here is the problem I am facing:

I have a Fortigate 100A firewall/router that I am using, but I having issues getting to the Internet from inside the firewall and I am not able to contact any devices on the internal from outside of the firewall. Here is the setup:

The ISP provided 16 static IP address:  
66.x.x.36 - 66.x.x.51    Mask: 255.255.255.0     Gateway 66.x.x.1

Internal IP addresses: (DHCP)
10.0.0.0/24

I have the Fortigate setup with the following config:
Outside interface - 66.x.x.36  gateway 66.x.x.1
Inside interface - 10.0.0.1     gateway 66.x.x.36
Firewall policy - allow ANY to and from 66.x.x.36
allow ANY to and from 10.0.0.0

The internal interface on the Fortigate connects to a Netgear switch that has all devices in the site connected to it. I have the DHCP server setup to dish out addresses (10.0.0.0) and the workstations are getting the address and are able to get out to the internet. The web server and FTP have static internal address not in the DHCP scope and they are not able to get to the internet. I am able to connect to these devices on the internal network but not from the outside. I am not sure what I am doing wrong. I would like for the web server and FTP server to have an external static address (66.x.x.40 and 66.x.x.41).

How do I need to setup this network so that all devices on the internal interface receive a 10.0.0.0 address and be able to access the internet. How do I get the web server and FTP server be able to access the internet internally and be able to be accessed from outside the network?

I am not sure if I am doing something wrong on the Fortigate or is my routing wrong?
0
Comment
Question by:rweaver313
  • 6
  • 3
9 Comments
 
LVL 10

Expert Comment

by:joelsplace
ID: 38799692
I'm confused.  You list a gateway on the internal interface.  The Fortigate doesn't have a setting for that that I have ever seen and devices on your network use the FG's address as the gateway.  In other words your internal network gateway is 10.0.0.1
0
 
LVL 10

Accepted Solution

by:
joelsplace earned 500 total points
ID: 38799694
Under the router section/static route you need one line that is 0.0.0.0/0.0.0.0 GW 66.x.x.1
and a second line 10.0.0.0/255.255.255.0
This is easy to miss.
0
 
LVL 10

Expert Comment

by:joelsplace
ID: 38799700
Forgot:  Line one needs Device set to wan1 or whatever your external interface is named and line 2 needs Device "whatever local interface is named"
0
 

Author Comment

by:rweaver313
ID: 38799763
Yes, the gateway for the internal network is 10.0.0.1

On the second line 10.0.0.0/255.255.255.0 am I using 66.x.x.1 as the gateway also?
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 10

Expert Comment

by:joelsplace
ID: 38799767
On mine the GW is 0.0.0.0 but it doesn't allow you to change it and it only shows up when you click edit.
0
 
LVL 10

Expert Comment

by:joelsplace
ID: 38799769
The one I'm looking at is an 80 not a 100.
0
 

Author Comment

by:rweaver313
ID: 38799786
I will give it a try see what happens. Thanks!
0
 

Author Comment

by:rweaver313
ID: 38811583
I was able to get it to work with only one static route 0.0.0.0/0.0.0.0 66.x.x.1.
0
 
LVL 10

Expert Comment

by:joelsplace
ID: 38811744
I'm guessing yours was completely missing?
Glad it's working.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Suggested Solutions

The article explains the protocols and technology which is involved when two computers on different TCP/IP networks communicate with each other. In the diagram, a router is used to segregate two networks. The networks are 192.168.1.0/24 and 192…
Before I go to far, let's explain HA (High Availability) and why you should consider it.  High availability is the mechanism used to provide redundancy to any service at the same site and appears as a single service to the users of that service.  As…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now