Fortinet ORTIWIFI-60A /AM manual NAT/Route mode with multiple external network connections

Page 30

Planning the FortiWiFi configuration

Configuring the FortiWiFi

You typically use NAT/Route mode when the FortiWiFi unit is operating as a gateway between private and public networks. In this configuration, you would create NAT mode firewall policies to control traffic flowing between the internal, private network and the external, public network (usually the Internet).

Note: If you have multiple internal networks, such as a DMZ network in addition to the internal, private network, you could create route mode firewall policies for traffic flowing between them.

Figure 4: Example NAT/Route mode network configuration.

			Internal Network
			192.168.1.3
			Internal
			192.168.1.99
			Routing policies controlling
			traffic between internal
			networks.
		WAN1	Internal
		WAN1	network
		204.23.1.5	network
		204.23.1.5
	Internet		DMZ
	Router	FortiWiFi-60AM	DMZ
	Router		10.10.10.1
			10.10.10.1
		in NAT mode
			10.10.10.2

NAT mode policies controlling traffic between internal and external networks.

NAT/Route mode with multiple external network connections

In NAT/Route mode, you can configure the FortiWiFi unit with multiple redundant connections to the Internet.

For example, you could create the following configuration:

•WAN1 is the default interface to the external network (usually the Internet)

•WAN2 is the redundant interface to the external network

•DMZ is interface to the DMZ network

•Internal is the interface to the internal network

You must configure routing to support redundant Internet connections. Routing can automatically redirect connections from an interface if its connection to the external network fails.

Otherwise, security policy configuration is similar to a NAT/Route mode configuration with a single Internet connection. You would create NAT mode firewall policies to control traffic flowing between the internal, private network and the external, public network (usually the Internet).

30	FortiWiFi-60A/AM FortiOS 3.0 MR4 Install Guide
	01-30004-0283-20070215

Image 30

Contents Install G U I D E Trademarks Regulatory complianceContents Configuring the FortiWiFi Configuring the modem interfaceUsing a wireless network FortiWiFi FirmwareIndex Page About the FortiWiFi unit FortiWiFi-60A/AMFortinet Family Products Register your FortiWiFi unitFortiGuard Subscription Services FortiClientFortiReporter FortiMailFortiAnalyzer FortiBridgeAbout this document Document conventionsTypographic conventions Addressipv4FortiGate Install Guide Fortinet documentationCustomer service and technical support Fortinet Knowledge CenterComments on Fortinet technical documentation Customer service and technical support Installing the FortiWiFi unit Package ContentsSpecifications Powering on the FortiWiFi unitTo power on the FortiWiFi unit MountingCommand line interface Connecting to the FortiWiFi unitPowering off the FortiWiFi unit To power off the FortiWiFi unitConnecting to the web-based manager To connect to the web-based managerConnecting to the CLI System DashboardWelcome Quick installation using factory defaultsTo connect to the CLI Bits per second 9600 Data bits ParityGo to System Network Options Quick installation using factory defaults Factory defaults Factory default Dhcp server configuration Factory default NAT/Route mode network configurationFactory default Transparent mode network configuration Factory default firewall configurationFactory default protection profiles Restoring the default settings using the CLI Restoring the default settingsRestoring the default settings using the web-based manager To reset the default settings Go to System StatusRestoring the default settings Planning the FortiWiFi configuration NAT/Route modeNAT/Route mode with multiple external network connections Example NAT/Route mode network configurationTransparent mode Example NAT/Route multiple internet connectionNAT/Route mode installation Preparing to configure the FortiWiFi unit in NAT/Route modeNAT/Route mode settings Administrator Password Internal Dhcp or PPPoE configurationUsing the web-based manager PPPoE setting User name PasswordConfiguring basic settings To configure interfaces Go to System Network InterfaceUsing the command line interface Adding a default routeVerifying the web-based manager configuration Configuring the FortiWiFi unit to operate in NAT/Route modeExample To add/change the administrator passwordTo configure interfaces To set the WAN1 interface to use DHCP, enterTo set the WAN1 interface to use PPPoE, enter To configure DNS server settingsTo add a default route Get system interfaceConnecting the FortiWiFi unit to the networks To connect the FortiWiFi unitConfiguring the networks NAT/Route mode connectionsTransparent mode settings Administrator Password Transparent mode installationPreparing to configure Transparent mode DNS SettingsTo change to Transparent mode using the CLI To verify the DNS server settingsReconnecting to the web-based manager Connecting the FortiWiFi unit to your networkTo connect the FortiWiFi unit running in Transparent mode Next steps Set the date and timeUpdating antivirus and IPS signatures Updating the IPS signatures from the CLI Scheduling antivirus and IPS updatesTo update IPS signatures using the CLI EveryDaily To enable schedule updates from the CLIAdding an override server WeeklyTo add an override server using the CLI Config system autoupdate override set address Set status EndNext steps Configuring the modem interface Stand alone mode configuration Selecting a modem modeRedundant mode configuration To configure the FortiWiFi-60A using the CLIEnter the following to configure the dialup account Configuring modem settings To connect to a dial-up account Go to System Network Modem Connecting and disconnecting the modem in Stand alone modeTo configure modem settings Go to System Network Modem To disconnect the modemConfiguring the modem using the CLI Keywords and variables Description DefaultPeermodem1 Adding a Ping Server Adding firewall policies for modem connectionsDead gateway detection Setting up a wireless network FortiWiFi unit as an Access PointPositioning an Access Point Using multiple access pointsRadio Frequency interface Wireless Security Wireless Equivalent Privacy WEPWi-Fi Protected Access WPA Additional security measuresMAC address filtering Access Point mode FortiWiFi operation modesService Set Identifier To disable Ssid Go to System Wireless SettingsSetting up the FortiWiFi unit as an Access Point Client modeChanging the operating mode Set the Dhcp settings To set the data security Go to System Wireless SettingsSet the security options Configure the firewall policies Upgrading the firmware using the web-based manager To upgrade the firmware using the web-based managerUpgrading to a new firmware version Execute restore image Tftp namestr tftpipv4 Upgrading the firmware using the CLITo upgrade the firmware using the CLI Execute restore image image.outExecute update-now Reverting to a previous firmware versionReverting to a previous firmware version using the CLI To revert to a previous firmware version using the CLIExecute restore image Tftp image.out To install firmware from a system reboot Enter Tftp Server Address Press Any Key To Download Boot ImagePress any key to display configuration menu Enter Local AddressFortiUSB key Restoring the previous configurationSave as Default firmware/Run image without savingD/R Do You Want To Save The Image? y/nBackup and Restore from the FortiUSB key To backup configuration using the CLITo restore configuration using the CLI Using the USB Auto-Install feature To configure the USB Auto-Install using the CLITesting a new firmware image before installing it Additional CLI Commands for the FortiUSB keyTo test a new firmware image Testing a new firmware image before installing it Type n FortiWiFi unit running v3.x Bios Testing a new firmware image before installing it Index Numerics01-30004-0283-20070215