08-12-2024 11:21 PM
Dear all,
I am configuring a network composed of the following devices:
- Router Cisco C1121-4P
- Fortigate Firewall
Configuration on the router is the following: one port is configured by PPPoE; the ISP provides the public IP automatically. Another port is configured with an IP on the network 192.168.10.X/24. This network only connects the firewall and the router.
If I connect all the devices and try to browse the internet, the system allows a device to connect to the internet.
The problem is when I try to connect from outside to inside, for example, to manage the firewall remotely. Something on the router is disallowing this communication.
I want to ask if anyone knows any command which sets the router as a DMZ router. I am interested in managing the traffic from the firewall, not from the router.
Thank you in advance!
08-13-2024 12:22 AM
Hello!
You will have to set up NAT on the C1121-4P. The ISP interface will be NAT outside, and the other one NAT inside. You will also need a static NAT statement that will translate the public IP to the private IP of the firewall. Let me also note that your design doesn't seem optimal. What is the point of the router if you will direct all traffic only to the firewall? Why wouldn't you connect the firewall directly to the ISP? If you need a more detailed configuration I can provide you a template.
BR
08-13-2024 12:32 AM
Hello!
I have already configured the NAT interfaces as you told me. I configured NAT translation as overload NAT translation instead of a static NAT translation; does it make any difference?
About the network, I also think it is better to connect the ISP directly to the firewall, but it is designed by an external person who wants to manage it like that. I have the same opinion; it is inefficient.
Thank you!
08-13-2024 12:59 AM
If you want to connect to the firewall over the internet (in your case the PPPoE link) to the HTTPS of the Forti, you will have to create a PAT - port address translation. Something like this:
ip nat inside source static tcp 192.168.10.XX 8443 PPPOE_IP_ADDRESS 443 extendable
BR
08-14-2024 03:45 AM
The big difference between static and dynamic NAT is direction.
Static is bidirectional, i.e. you can access from inside to outside and from outside to inside.
Dynamic is only used for inside to outside.
So as @DanielP211 mentioned, you need PAT to access the FW from the Internet.
MHM
08-13-2024 12:24 AM
can you share the topology
MHM
08-13-2024 12:36 AM
08-13-2024 12:39 AM - edited 08-14-2024 03:40 AM
Thanks
MHM
08-13-2024 05:51 AM
The FW is not between the ISP and the router. It's the other way around. The router is in between both. So PAT has to be done on the router to access the FW from outside.
BR
08-14-2024 03:23 AM - edited 08-14-2024 03:41 AM
Thanks
MHM
08-14-2024 03:37 AM
The firewall is not connected directly to the ISP. Please refer to the topology image and the description in the initial question.
BR
08-26-2024 11:13 PM
Then, the options are to configure dynamic NAT and PAT on the router, or to configure only static NAT?
If I am wrong, please correct me. Thank you!
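An added configuration template, not posted by anyone in this thread, showing the combination the replies converge on: NAT inside/outside on the C1121-4P, overload (dynamic PAT) for outbound traffic, and one static PAT entry for inbound HTTPS to the FortiGate. The interface names, the firewall address 192.168.10.2 and the dialer name are assumptions; adjust them to the real topology.

```cisco
! Added example template, not from the thread. Assumed names: Dialer1 is the
! PPPoE interface, GigabitEthernet0/1/0 faces the firewall, the FortiGate is
! 192.168.10.2 and its admin HTTPS listens on 443. Adjust to your topology.
!
! Outside: the PPPoE dialer holds the dynamic public IP from the ISP.
interface Dialer1
 ip nat outside
!
! Inside: the transit /24 shared only with the FortiGate.
interface GigabitEthernet0/1/0
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
! 1) Dynamic PAT (overload): inside-to-outside only. This is what the OP
!    already has; on its own it never admits a session initiated from the
!    internet, which is why remote management of the firewall failed.
ip access-list standard NAT_INSIDE
 permit 192.168.10.0 0.0.0.255
ip nat inside source list NAT_INSIDE interface Dialer1 overload
!
! 2) Static PAT: maps TCP/443 on whatever address Dialer1 currently holds to
!    the firewall's admin port, so an outside host can reach the FortiGate GUI.
!    Using "interface Dialer1" rather than a literal public IP keeps the entry
!    valid after a PPPoE re-negotiation changes the address.
ip nat inside source static tcp 192.168.10.2 443 interface Dialer1 443
!
! Verification:
!   show ip nat translations   -> the static tcp 443 entry is listed permanently
!   show ip nat statistics     -> confirms which interfaces are inside/outside
```

Only the static PAT entry opens an inbound path, so limit who can use it: on the FortiGate, set the administrator's trusted hosts to the management source addresses so the forwarded port does not accept logins from arbitrary internet sources.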