Fortinet 60c manual NAT/Route mode with multiple external network connections

Planning the FortiGate configuration

Getting started

You must configure routing to support the redundant WAN1 and WAN2 Internet connections. Routing can be used to automatically redirect connections from an interface if its connection to the external network fails.

You can add firewall policies to control whether communications through the FortiGate unit operate in NAT or Route mode. Firewall policies control the flow of traffic based on the source address, destination address, and service of each packet. In NAT mode, the FortiGate unit performs network address translation before it sends the packet to the destination network. In Route mode, there is no address translation.

You typically use NAT/Route mode when the FortiGate unit is operating as a gateway between private and public networks. In this configuration, you would create NAT mode firewall policies to control traffic flowing between the internal, private network and the external, public network (usually the Internet).

If you have multiple internal networks, such as a DMZ network in addition to the internal, private network, you could create Route mode firewall policies for traffic flowing between them.

Figure 6: Example NAT/Route mode network configuration

[Figure: a FortiGate-60 unit in NAT/Route mode. Labels: Internal network (192.168.1.3), Internal interface (192.168.1.99), WAN1 interface (204.23.1.5) to the Internet, DMZ interface (10.10.10.1), DMZ network (10.10.10.2). Callouts: "Route mode policies controlling traffic between internal networks." and "NAT mode policies controlling traffic between internal and external networks."]

NAT/Route mode with multiple external network connections

In NAT/Route mode, you can configure the FortiGate unit with multiple redundant connections to the external network (usually the Internet). For example, you could create the following configuration:

WAN1 is the default interface to the external network (usually the Internet).

WAN2 is the redundant interface to the external network. You can also use the modem interface as a redundant connection to the external network.

Internal is the interface to the internal network.

You must configure routing to support redundant Internet connections. Routing can be used to automatically redirect connections from an interface if its connection to the external network fails.
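An added example, not part of the Fortinet manual: a simplified Python model of the policy lookup (NAT mode versus Route mode) and the redundant WAN routing described above, using the Figure 6 addresses. The WAN2 address, the route distances, the service names and the policy set are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Interface addresses from Figure 6; the WAN2 address is a constructed placeholder.
IFACE_IP = {"internal": "192.168.1.99", "dmz": "10.10.10.1",
            "wan1": "204.23.1.5", "wan2": "198.51.100.5"}

# Constructed static routes: (destination, egress interface, distance).
ROUTES = [("192.168.1.0/24", "internal", 0), ("10.10.10.0/24", "dmz", 0),
          ("0.0.0.0/0", "wan1", 10), ("0.0.0.0/0", "wan2", 20)]

@dataclass(frozen=True)
class Policy:
    src_if: str
    dst_if: str
    src_net: str
    dst_net: str
    service: str      # "ANY" or a service name (names here are constructed)
    nat: bool         # True = NAT mode policy, False = Route mode policy

# Constructed policy set, evaluated top down; anything unmatched is denied.
POLICIES = [
    Policy("internal", "wan1", "192.168.1.0/24", "0.0.0.0/0", "ANY", nat=True),
    Policy("internal", "wan2", "192.168.1.0/24", "0.0.0.0/0", "ANY", nat=True),
    Policy("internal", "dmz", "192.168.1.0/24", "10.10.10.0/24", "HTTP", nat=False),
]

def egress(dst, link_up):
    """Pick the most specific route, then the lowest distance, over links that are up."""
    cands = [(ip_network(n).prefixlen, -d, i) for n, i, d in ROUTES
             if ip_address(dst) in ip_network(n) and link_up.get(i, True)]
    return max(cands)[2] if cands else None

def forward(src_if, src, dst, service, link_up=None):
    """Return (action, egress interface, source address seen on the wire)."""
    out = egress(dst, link_up or {})
    for p in POLICIES:
        if ((p.src_if, p.dst_if) == (src_if, out)
                and ip_address(src) in ip_network(p.src_net)
                and ip_address(dst) in ip_network(p.dst_net)
                and p.service in ("ANY", service)):
            # NAT mode rewrites the source to the egress interface address.
            return ("accept", out, IFACE_IP[out] if p.nat else src)
    return ("deny", out, None)
```

In this model the failover to WAN2 passes traffic only because the policy set includes an internal-to-wan2 policy; without it the rerouted connection falls through to deny.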

01-28008-0018-20050128

Fortinet Inc.
