Link to home
Start Free TrialLog in
Avatar of rweaver313
rweaver313

asked on

FortiGate 100A Configuration

Hello,

I need assistance setting up and configuring a network for a remote site. It's a lot of information so bare with me. This site works independently and will not be on my already established network, decision by upper management. I ordered enterprise internet service from the local ISP. The provided me with a modem and 16 static IP addresses. Since upper management didnt want to spend any funding for network devices, I am forced to use a Fortigate 100A firewall/router that has been sitting on a shelf and a couple of Netgear switches. The remote site  has about 20 users. The site has a web server, FTP server, and a couple of other servers that they would like to access from outside of the network.  Here is the problem I am facing:

I have a Fortigate 100A firewall/router that I am using, but I having issues getting to the Internet from inside the firewall and I am not able to contact any devices on the internal from outside of the firewall. Here is the setup:

The ISP provided 16 static IP address:  
66.x.x.36 - 66.x.x.51    Mask: 255.255.255.0     Gateway 66.x.x.1

Internal IP addresses: (DHCP)
10.0.0.0/24

I have the Fortigate setup with the following config:
Outside interface - 66.x.x.36  gateway 66.x.x.1
Inside interface - 10.0.0.1     gateway 66.x.x.36
Firewall policy - allow ANY to and from 66.x.x.36
allow ANY to and from 10.0.0.0

The internal interface on the Fortigate connects to a Netgear switch that has all devices in the site connected to it. I have the DHCP server setup to dish out addresses (10.0.0.0) and the workstations are getting the address and are able to get out to the internet. The web server and FTP have static internal address not in the DHCP scope and they are not able to get to the internet. I am able to connect to these devices on the internal network but not from the outside. I am not sure what I am doing wrong. I would like for the web server and FTP server to have an external static address (66.x.x.40 and 66.x.x.41).

How do I need to setup this network so that all devices on the internal interface receive a 10.0.0.0 address and be able to access the internet. How do I get the web server and FTP server be able to access the internet internally and be able to be accessed from outside the network?

I am not sure if I am doing something wrong on the Fortigate or is my routing wrong?
Avatar of joelsplace
joelsplace
Flag of Afghanistan image

I'm confused.  You list a gateway on the internal interface.  The Fortigate doesn't have a setting for that that I have ever seen and devices on your network use the FG's address as the gateway.  In other words your internal network gateway is 10.0.0.1
ASKER CERTIFIED SOLUTION
Avatar of joelsplace
joelsplace
Flag of Afghanistan image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Forgot:  Line one needs Device set to wan1 or whatever your external interface is named and line 2 needs Device "whatever local interface is named"
Avatar of rweaver313
rweaver313

ASKER

Yes, the gateway for the internal network is 10.0.0.1

On the second line 10.0.0.0/255.255.255.0 am I using 66.x.x.1 as the gateway also?
On mine the GW is 0.0.0.0 but it doesn't allow you to change it and it only shows up when you click edit.
The one I'm looking at is an 80 not a 100.
I will give it a try see what happens. Thanks!
I was able to get it to work with only one static route 0.0.0.0/0.0.0.0 66.x.x.1.
I'm guessing yours was completely missing?
Glad it's working.