Public ip assign to the FW

Monster2
Level 1

Hello Team,

I need help with the following topology. Right now I have the following:

FortiGate FW --"private ip"--> Switch --> Internal router  --"Public ip"--> ISP

Right now I have the public IP on the internal router and am doing NAT on it. If I want to place the public IP on the FW, should I directly connect it from the ISP to the FW? Or is there another way to place the public IP on the FW and change the configuration on the router?

The main idea of this change is to do the NATTING on the FW not the router.

Thanks.

10 Replies

DanielP211
VIP Alumni

Hello!

Do you have BGP to your service provider? I would do dynamic routing/static routing of the public segment to the firewall and disable the NAT on the router. All you need is connecting segments between the router and FW.

BR

****Kindly rate all useful posts*****

Hello Daniel, 

There is no BGP towards the ISP. What do you mean regarding the dynamic routing? To be configured between the FW and internal router? Like the public is already on the FW; what is the routing that will need to be done?

You can configure the router as a bridge using BVI.

Hello MHM,
I can see that the BVI is for multiple interfaces and useful for APs.

I don't get your reply.

Use BVI and use it for multiple interfaces. The router has two interfaces, one toward the ISP and the other toward the FW, and I suggest bridging these two interfaces.

Hello
What your diagram suggests is that at present the FW is internet-facing towards your WAN router, which is at present downstream towards the FW and upstream connecting to the ISP. Internal traffic ingresses via the switch, goes in/out of the FW and then is forwarded towards the WAN router. If so, then I would say you will at least need to relocate the ISP connection onto the FW, maybe even the NAT configuration too.

It is viable to make such changes; however, there isn't enough information about your network at this time to provide a definitive answer. Can you elaborate on the current topology, basically around the routing and services you are providing for your clients?



Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hello Paul,

The traffic flow above is correct as you submit. The traffic comes from the users behind the FW, then to the switch, with NATting and the public IP on the WAN router behind the ISP.

I can directly connect the FW to the ISP, but I was checking if there is any way that we can have it like this and place the public on the FW.

Thanks, 

M02@rt37
VIP

Hello @Monster2

You "only" have a static IP from your ISP and have a default route to the ISP IP address?

If yes, plug your ISP into your firewall. NAT/filtering rules on your FW, FW placed in front of your internal network.

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Monster2
Level 1

Hello Team,
Thanks for the help. The CU provided another public subnet; I will remove the NAT from the router and configure the public on the NAT of the FW.

Hello @Monster2 

Thanks for your feedback.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
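
The outcome the thread settles on (the ISP routes an additional public subnet, NAT comes off the router, NAT happens on the firewall), sketched as router-side Cisco IOS configuration. This is an added example, not configuration posted by anyone in the thread; it assumes the router runs Cisco IOS, and the interface names, ACL number and all addresses (RFC 5737 documentation ranges) are constructed.

```cisco
! Constructed addressing, not from the thread:
!   ISP link         198.51.100.0/30   router = .2, ISP gateway = .1
!   Router-FW link   192.168.255.0/30  router = .1, FortiGate = .2
!   Routed public subnet owned by the firewall: 203.0.113.8/29
!   (the ISP must route 203.0.113.8/29 to 198.51.100.2)
!
interface GigabitEthernet0/0
 description To ISP
 ip address 198.51.100.2 255.255.255.252
 ! Router no longer translates: drop the NAT role from the WAN side
 no ip nat outside
!
interface GigabitEthernet0/1
 description Transit link to FortiGate
 ip address 192.168.255.1 255.255.255.252
 ! ...and from the inside
 no ip nat inside
!
! Remove the old overload (PAT) rule. The exact line must match what
! "show running-config | include ip nat" reports on the router.
no ip nat inside source list 1 interface GigabitEthernet0/0 overload
!
! Default route toward the ISP stays as it was
ip route 0.0.0.0 0.0.0.0 198.51.100.1
!
! Return path: hand the whole public subnet to the firewall, which uses
! those addresses for its own source NAT pool and inbound mappings
ip route 203.0.113.8 255.255.255.248 192.168.255.2
!
! Checks after the change:
!   show ip nat translations      -> should be empty
!   show ip route 203.0.113.8     -> static, via 192.168.255.2
```

With this layout the router only forwards, so every filtering and translation decision for the public subnet is made on the firewall; any ACLs that were protecting the router's WAN interface should be reviewed so that management access to the router itself stays restricted.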