Skip to main content

Fortigate guide for Begineer - 7

By




I've been written Basic Fortigate Unit Configuration up to part 1 to 6.
Now...I am going to write Advance Configuration Steps.

Most of the Company have two Internet Line for Primary and Backup.

I'd like to write how to setup two Internet line on one Fortigate unit.
Let's assume Primary Internet Line use Static IP and Backup Internet Line DHCP IP.
Here, I will use some IP address to configure Fortigate. You need to use real IP address of yours instead.

Firstly, I'm gonna setup Primary Intenet line.
- Connect the Line from Primary ISP to the WAN1 Port of Fortigate Unit.
- Log in to Fortigate by using Web-based Manager.
- Go to System>Network>Interface and Select WAN1 Interface. Then Edit as following picture




- Select Internal Interface and Edit as following,




- Go to Router>Static>Static Route and Select Create New. Add Default Route then.





- Go to System>Network>DNS. Add Primary, Secondary DNS serers address.
- Go to Policy>Poliicy>Policy. Select Create New and define the Security Policy as following picture to get Internet Access for Private/Internal Network through from WAN1 interface.
  Some Fortigate Model configured this as Default Policy.





- Select Enable NAT and Use Destination Interface Address.
- Select OK to save Security Poliicy.



Primary Internet Line Setup Task done. Now I'm gonna setup Backup Internet line.
- Connect Backup Internet Line to WAN2 port of Fortigate.
- Log in to Fortigate by using Web-Based Manager.
- Go to System>Network>Interface and Edit WAN2 Interface.
- Change Addressing Mode to DHCP. Select Retrieve Default Gateway from server. Uncheck the Override internal DNS checkbox.
- Select OK to save.
(Do not forget to select Retrieve Default Gateway from server to add Default Route into Routing Table)
- Go to Policy>Policy>Policy. Select Create New and Define Security Policy as following picture. To get Internet access from Private/Internal Network through from WAN2 interface.





- Select Enable NAT and Use Destination Interface Address.
- Select OK to save Security Policy.
Backup line setup done.

Now I'm going to set the default route to WAN1 to be the primary default route and add a ping server for WAN1 and WAN2
The Ping Servers Verifiy the ability of the WAN1 and WAN2 interfaces to connect to the Internet.



- Go to Router>Static>Static Route. Edit the WAN1 Default Route. Select Advance and set Distance to value to 10. (By Default it is 10).
- Go to System>Network>Interface. Edit the WAN2 Interface. Set Distance to value to 20. ( The value of Distance to can set any number higher than 10)
- To confirm which default route is now actually being used by the Fortigate unit, go to Router>Monitor>Routing Monitor to view the current Fortigate routing table.




- Go to Router>Static>Settings. Select Create New and Add Ping Server for WAN1 as following picture,




- Add Ping Server for WAN2 as following picture.





OK... Now settiing up two Internet line in one Fortigate unit is done.


May you all be happy.
(Be knowledgeable, pass it on then)



Labels:

Comments

Post a Comment

Popular posts from this blog

Fortigate guide for Begineer - 6

By
I would like to explaine how to troubleshoot the Fortigate Unit configured by Transparent Mode in step by step this time. Let's assume, you have one Fortigate Unit that configured as Transparent Mode. But devices from Internal/Private Network unable to access Internet/Public Network through your Fortigate Unit. OK. Let's troubleshoot with following steps, 1) Check the physical network connections between the network and the FortiGate unit, and between the FortiGate unit and the Internet. 2) Check the router and ISP-supplied equipment to make sure it is operating correctly. 3) Verify that you can connect to the internal interface by connecting to the management IP address of the FortiGate unit from the Internal network. From the internal network, attempt to ping the management IP address. If you cannot connect to the internal interface, verify the IP configuration of the PC and make sure the cables are connected and all switches and other devices on the network are powered on a...
Post a Comment
Read more

Why do we need network virtualization?

By
We need to think about Server Virtualization first if we want to talk about Network Virtualization. In the era of cloud computing, servers are virtualized and used in Data Centers. We are facing a lot of problem when we virtualized our Servers, 1) Routing and Switching Problem Routing become the issue when we create Virtual Switch and VLANs according to production requirement. Network Team might need some time to change on their end to meet with Server Virtualization Team changes on their end. ၂) Firewall Services Physical Firewall are difficult to manage due to the large number of rules needed to satisfy business requirements. New applications, new projects, and new networks all come with potential security requirements, which impact centralized firewall management. ၃) Load Balancing Let's say your company deploys a new physical load balancer for each tenant, resulting in increased capital expenditures. Once a tenant reaches their maximum capacity, it ca...
144 comments
Read more

Solving "WSUS administration console was unable to connect to the WSUS Server via the remote API" error

By
Today, I've got below when I try to connect my WSUS Server via WSUS Console. Below logs are display in Event Logs too. The WSUS administration console was unable to connect to the WSUS Server via the remote API.  Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service. The WSUS administration console was unable to connect to the WSUS Server via the remote API. Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service. System.Net.Sockets.SocketException -- No connection could be made because the target machine actively refused it 172.16.99.98:80 Source System Stack Trace:    at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)    at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Soc...
7 comments
Read more