Avatar of CruJones
Flag for United States of America asked on

Fortigate 100D and Comcast SMC Gateway causing weird DNS issue.

I have several clients using FortiGate firewalls but they are all using traditional ISP models (fiber and T1's).  This is the first time one of my clients using a FortiGate 100D firewall is using Comcast BusinessClass internet with an SMC Gateway device and I'm having a weird DNS issue.  Client has a static IP assigned from Comcast and according to 3 different phone calls to Comcast tech support the SMC gateway is configured in a "passive" mode (since they don't support a true bridge mode) so the static IP info can be assigned to our fully updated FortiGate 100D and we can use the public IP to access the SSL VPN portal, etc.  I assigned the static public IP info from Comcast to my laptop, plug into the Comcast gateway and I can get out on the internet without any problems.  When I assign the static public IP info to the WAN interface on the 100D, the internet connection on my primary and secondary domain controllers that are also our DNS servers drops and thus none of our clients that use those DNS servers can get out on the internet.  If I manually assign the client a DNS such as it can get out on the internet but that doesn't work for us, they need to be able to use the internal DNS servers.  The strange thing is if I configure the WAN interface on the 100D to use DHCP and allow the Comcast gateway to assign it one of it's internal IP's ( for example) everything works fine on the network except nobody can use the SSL VPN portal because the 100D doesn't actually have the public IP configured on the WAN interface.  

I've called FortiNet tech support and Comcast tech support numerous times but they just point the finger at each other and nothing has been resolved.  The 100D is brand new with updated firmware and no custom routes/rules/policies other than a general outbound internet rule.

Any suggestions or help would be MUCH appreciated.  Thanks!
Hardware FirewallsRoutersBroadband

Avatar of undefined
Last Comment

8/22/2022 - Mon

have you made sure ports are listening and open for vpn connections, and nothing is blocking it, means no rules or ACL, and they are in the right VLAN group....

View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.

Good to know its working properly :-)

Was able to figure out issue with FortiNet tech support and posted results here.
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy