I have several clients using FortiGate firewalls but they are all using traditional ISP models (fiber and T1's). This is the first time one of my clients using a FortiGate 100D firewall is using Comcast BusinessClass internet with an SMC Gateway device and I'm having a weird DNS issue. Client has a static IP assigned from Comcast and according to 3 different phone calls to Comcast tech support the SMC gateway is configured in a "passive" mode (since they don't support a true bridge mode) so the static IP info can be assigned to our fully updated FortiGate 100D and we can use the public IP to access the SSL VPN portal, etc. I assigned the static public IP info from Comcast to my laptop, plug into the Comcast gateway and I can get out on the internet without any problems. When I assign the static public IP info to the WAN interface on the 100D, the internet connection on my primary and secondary domain controllers that are also our DNS servers drops and thus none of our clients that use those DNS servers can get out on the internet. If I manually assign the client a DNS such as 220.127.116.11 it can get out on the internet but that doesn't work for us, they need to be able to use the internal DNS servers. The strange thing is if I configure the WAN interface on the 100D to use DHCP and allow the Comcast gateway to assign it one of it's internal IP's (10.1.10.2 for example) everything works fine on the network except nobody can use the SSL VPN portal because the 100D doesn't actually have the public IP configured on the WAN interface.
I've called FortiNet tech support and Comcast tech support numerous times but they just point the finger at each other and nothing has been resolved. The 100D is brand new with updated firmware and no custom routes/rules/policies other than a general outbound internet rule.
Any suggestions or help would be MUCH appreciated. Thanks!