FortiGate 100A Configuration
Posted on 2013-01-20
I need assistance setting up and configuring a network for a remote site. It's a lot of information, so bear with me. This site works independently and will not be on my already established network, a decision by upper management. I ordered enterprise internet service from the local ISP. They provided me with a modem and 16 static IP addresses. Since upper management didn't want to spend any funding on network devices, I am forced to use a FortiGate 100A firewall/router that has been sitting on a shelf and a couple of Netgear switches. The remote site has about 20 users. The site has a web server, an FTP server, and a couple of other servers that they would like to access from outside of the network. Here is the problem I am facing:
I have a FortiGate 100A firewall/router that I am using, but I am having issues getting to the Internet from inside the firewall and I am not able to contact any devices on the internal network from outside of the firewall. Here is the setup:
The ISP provided 16 static IP addresses:
66.x.x.36 - 66.x.x.51 Mask: 255.255.255.0 Gateway 66.x.x.1
Internal IP addresses: (DHCP)
I have the FortiGate set up with the following config:
Outside interface - 66.x.x.36 gateway 66.x.x.1
Inside interface - 10.0.0.1 gateway 66.x.x.36
Firewall policy - allow ANY to and from 66.x.x.36
allow ANY to and from 10.0.0.0
The internal interface on the FortiGate connects to a Netgear switch that has all devices in the site connected to it. I have the DHCP server set up to dish out addresses (10.0.0.0) and the workstations are getting addresses and are able to get out to the internet. The web server and FTP server have static internal addresses not in the DHCP scope and they are not able to get to the internet. I am able to connect to these devices on the internal network but not from the outside. I am not sure what I am doing wrong. I would like the web server and FTP server to have external static addresses (66.x.x.40 and 66.x.x.41).
How do I need to set up this network so that all devices on the internal interface receive a 10.0.0.0 address and are able to access the internet? How do I get the web server and FTP server to be able to access the internet from the inside and be accessible from outside the network?
I am not sure if I am doing something wrong on the FortiGate or if my routing is wrong.