Fortinet 50A/50B NAT/Route mode with multiple external network connections, Internet Router

Page 34

Planning the FortiGate configuration

Configuring the FortiGate unit

You typically use NAT/Route mode when the FortiGate unit is operating as a gateway between private and public networks. In this configuration, you create NAT mode firewall policies to control traffic flowing between the internal, private network and the external, public network (usually the Internet).

Figure 8: Example NAT/Route mode network configuration for a FortiGate-50A.

.

External	Internal	Internal network
External	Internal
204.23.1.5	192.168.1.99

Internet

Router

192.168.1.3

FortiGate-50A

NAT mode policies controlling traffic between internal and external networks.

NAT/Route mode with multiple external network connections

In NAT/Route mode, you can configure the FortiGate unit with multiple redundant connections to the external network (usually the Internet).

For example, you could create the following configuration:

•External or WAN1 is the default interface to the external network (usually the Internet)

•Modem is the redundant interface to the external network for the FortiGate-50A

•WAN2 is the redundant interface to the external network on the FortiGate-50B and FortiWiFi-50B.

•DMZ is the redundant interface to the external network on the FortiGate-100

•Internal is the interface to the internal network

You must configure routing to support redundant Internet connections. Routing can automatically redirect connections from an interface if its connection to the external network fails.

Otherwise, security policy configuration is similar to a NAT/Route mode configuration with a single Internet connection. You would create NAT mode firewall policies to control traffic flowing between the internal, private network and the external, public network (usually the Internet).

Figure 9: NAT/Route multiple internet connection configuration for a FortiGate-50A

.

	External	Internal	Internal network
	204.23.1.5	Internal	Internal network
	204.23.1.5	192.168.1.1
		192.168.1.1
	Internet
		FortiGate-50A	192.168.1.3
	MODEM	FortiGate-50A

NAT mode policies controlling traffic between internal and external networks.

34	FortiGate-50A/50B, FortiWiFi-50B and FortiGate-100 FortiOS 3.0 MR4 Install Guide
	01-30004-0265-20070831

Image 34

Contents Install G U I D E Trademarks Regulatory complianceContents Factory defaults Configuring the FortiGate unitUsing a wireless network Configuring the modem interfaceFortiGate Firmware Reverting to a previous firmware version IndexFortiUSB key About the FortiGate unit IntroductionFortiGate-50A FortiGate-100 FortiWiFi-50BFortiGate-50B Register your FortiGate unitFortiClient FortiGuard Subscription ServicesFortinet Family Products FortiMailFortiReporter About this documentFortiAnalyzer FortiBridgeDocument conventions Typographic conventionsFortinet documentation Fortinet Knowledge Center Customer service and technical supportFortinet Tools and Documentation CD Comments on Fortinet technical documentationCustomer service and technical support Installing the FortiGate unit Package ContentsPower Requirements Technical Specifications DimensionsWeight SpecificationsFortiWiFi-50B package contents FortiGate-100 package contents Front BackTo power on the FortiGate unit Powering on the FortiGate unitMounting Power over Ethernet Command line interface Powering off the FortiGate unitConnecting to the FortiGate unit Connecting to the web-based managerFortiGate login To connect to the web-based managerBits per second 9600 Data bits Parity Connecting to the CLITo connect to the CLI Stop bits Flow controlQuick installation using factory defaults Quick configuration using default settingsGo to System Network Options Quick installation using factory defaults Factory defaults Factory default Dhcp server configuration Factory default NAT/Route mode network configurationAdministrative access Factory default Transparent mode network configurationFactory default firewall configuration Management IPFactory default protection profiles Restoring the default settings using the CLI Restoring the default settingsRestoring the default settings using the web-based manager To reset the default settings Go to System StatusRestoring the default settings Planning the FortiGate configuration Configuring the FortiGate unitNAT/Route mode NAT/Route mode with multiple external network connections Internet RouterTransparent mode NAT/Route mode settings NAT/Route mode installationPreparing to configure the FortiGate unit in NAT/Route mode Go to System Network InterfaceUsing the web-based manager Dhcp or PPPoE configurationConfiguring basic settings To configure interfaces Go to System Network Interface Adding a default routeTo add a default route Go to Router Static Configuring the FortiGate unit to operate in NAT/Route mode Verifying the web-based manager configurationUsing the command line interface Verify the connectionTo set the external interface to use DHCP, enter To configure DNS server settingsExample To set the external interface to use PPPoE, enterTo add a default route Configuring the networks Connecting the FortiGate unit to the networksTo connect the FortiGate unit Transparent mode settings Administrator Password Transparent mode installationPreparing to configure Transparent mode DNS SettingsTo change to Transparent mode using the CLI To verify the DNS server settingsConnecting the FortiGate unit to your network Reconnecting to the web-based managerTo connect the FortiGate unit running in Transparent mode Next steps Set the date and timeUpdating antivirus and IPS signatures To enable schedule updates from the CLI Scheduling antivirus and IPS updatesTo update IPS signatures using the CLI Updating the IPS signatures from the CLITo add an override server using the CLI Adding an override serverNext steps Configuring the modem interface Connecting a modem to the FortiGate-50ARedundant mode configuration Selecting a modem modeStand alone mode configuration Configuring the modem for the FortiGate-50A Mode must be standalone Interface nameCLI commands for the FortiGate-50A Phone-numberAdding a Ping Server Dead gateway detectionAdding firewall policies for modem connections Using a wireless network Setting up a wireless networkPositioning an Access Point Radio Frequency interfaceUsing multiple access points Using multiple APs to provide a constant strong signalWireless Equivalent Privacy WEP Wireless SecurityWi-Fi Protected Access WPA Access Point mode FortiWiFi-50B operation modesService Set Identifier Additional security measuresClient mode FortiWiFi in Access Point modeChanging the operating mode Setting up the FortiWiFi-50B as an Access PointSet the Dhcp settings To set the data security Go to System Wireless Settings Configure the firewall policiesSet the security options FortiGate Firmware Upgrading the firmware using the web-based managerTo upgrade the firmware using the web-based manager Upgrading to a new firmware versionUpgrading the firmware using the CLI To upgrade the firmware using the CLIFor information, see the FortiGate Administration Guide Reverting to a previous firmware versionReverting to a previous firmware version using the CLI To revert to a previous firmware version using the CLIExecute ping To install firmware from a system reboot Press Any Key To Download Boot Image Restoring the previous configuration To backup configuration using the CLI Backup and Restore from the FortiUSB keyFortiUSB key To restore configuration using the CLI Using the USB Auto-Install featureTo configure the USB Auto-Install using the CLI Additional CLI commands for the FortiUSB key Testing a new firmware image before installing itTo test a new firmware image Testing a new firmware image before installing it Installing and using a backup firmware image Installing a backup firmware imageTo install a backup firmware image Press any key to enter configuration menuEnter File Name image.out Installing and using a backup firmware image Index CLIWall mounting Web-based manager, connecting

Related manuals

Manual 272 pages 22.37 Kb