10-02-2023 04:49 AM
Hello Team,
I need help with the following topology. Right now I have the following:
FortiGate FW --"private ip"--> Switch --> Internal router --"Public ip"--> ISP
Right now I have the public IP on the internal router and am doing NAT on it. If I want to place the public IP on the FW, should I connect it directly from the ISP to the FW? Or is there another way to place the public IP on the FW and change the configuration on the router?
The main idea of this change is to do the NATting on the FW, not the router.
Thanks.
10-02-2023 05:04 AM
Hello!
Do you have BGP to your service provider? I would do dynamic routing/static routing of the public segment to the firewall and disable the NAT on the router. All you need is connecting segments between the router and FW.
BR
10-02-2023 05:43 AM
Hello Daniel,
There is no BGP towards the ISP. What do you mean regarding the dynamic routing? To be configured between the FW and the internal router? Like, the public is already on the FW; what is the routing that will need to be done?
10-02-2023 05:28 AM
You can configure the router as a bridge using BVI.
10-02-2023 05:48 AM
Hello MHM,
I can see that the BVI is for multiple interfaces and useful for APs.
10-02-2023 06:32 AM
I don't get your reply.
Use BVI and use it for multiple interfaces. The router has two interfaces, one toward the ISP and the other toward the FW, and I suggest bridging these two interfaces.
10-02-2023 06:02 AM
Hello
What your diagram suggests is that at present the FW is internet-facing towards your WAN router, which is at present downstream towards the FW and upstream connecting to the ISP. Internal traffic ingresses via the switch, goes in/out of the FW and is then forwarded towards the WAN rtr. If so, then I would say you will at least need to relocate the ISP connection onto the FW, maybe even the NAT configuration too.
It is viable to make such changes; however, there isn't enough information about your network at this time to provide a definitive answer. Can you elaborate on the current topology, basically around the routing and services you are providing for your clients?
10-02-2023 06:29 AM
Hello Paul,
The traffic flow above is correct as you submitted: the traffic comes from the users behind the FW, then to the switch, with NATting and the public IP on the WAN router behind the ISP.
I can directly connect the FW to the ISP, but I was checking if there is any way that we can have it like this and place the public IP on the FW.
Thanks,
10-02-2023 06:30 AM
Hello @Monster2
You "only" have a static IP from your ISP and a default route to the ISP IP address?
If yes, plug your ISP into your firewall. NAT/filtering rules on your FW, FW placed in front of your internal network.
10-03-2023 10:46 PM
Hello Team,
Thanks for the help. The CU provided another public subnet; will remove the NAT from the router and configure the public on the NAT of the FW.
10-03-2023 11:00 PM
Hello @Monster2
Thanks for your feedback.