Link to home
Start Free TrialLog in
Avatar of CruJones
CruJonesFlag for United States of America

asked on

Fortigate 100D and Comcast SMC Gateway causing weird DNS issue.

I have several clients using FortiGate firewalls but they are all using traditional ISP models (fiber and T1's).  This is the first time one of my clients using a FortiGate 100D firewall is using Comcast BusinessClass internet with an SMC Gateway device and I'm having a weird DNS issue.  Client has a static IP assigned from Comcast and according to 3 different phone calls to Comcast tech support the SMC gateway is configured in a "passive" mode (since they don't support a true bridge mode) so the static IP info can be assigned to our fully updated FortiGate 100D and we can use the public IP to access the SSL VPN portal, etc.  I assigned the static public IP info from Comcast to my laptop, plug into the Comcast gateway and I can get out on the internet without any problems.  When I assign the static public IP info to the WAN interface on the 100D, the internet connection on my primary and secondary domain controllers that are also our DNS servers drops and thus none of our clients that use those DNS servers can get out on the internet.  If I manually assign the client a DNS such as it can get out on the internet but that doesn't work for us, they need to be able to use the internal DNS servers.  The strange thing is if I configure the WAN interface on the 100D to use DHCP and allow the Comcast gateway to assign it one of it's internal IP's ( for example) everything works fine on the network except nobody can use the SSL VPN portal because the 100D doesn't actually have the public IP configured on the WAN interface.  

I've called FortiNet tech support and Comcast tech support numerous times but they just point the finger at each other and nothing has been resolved.  The 100D is brand new with updated firmware and no custom routes/rules/policies other than a general outbound internet rule.

Any suggestions or help would be MUCH appreciated.  Thanks!
Avatar of Leo
Flag of Australia image

have you made sure ports are listening and open for vpn connections, and nothing is blocking it, means no rules or ACL, and they are in the right VLAN group....
Avatar of CruJones
Flag of United States of America image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Good to know its working properly :-)
Avatar of CruJones


Was able to figure out issue with FortiNet tech support and posted results here.