connecting a private network to the internet using nat...


Upload: vandiep

Post on 10-Apr-2018


[Diagram: Internet, WAN 1, FortiGate (NAT/Route mode), port 1, Internal Network]

1. Connecting the network

2. Configuring the FortiGate unit’s interfaces

3. Creating a policy to enable NAT/Route mode

4. Results

Connecting a private network to the Internet using NAT/Route mode

In this example, you will learn how to connect and configure a new FortiGate unit to securely connect a private network to the Internet. Typically, a FortiGate unit is installed as a gateway or router between a private network and the Internet, where the FortiGate operates in NAT/Route mode in order to hide the addresses of the private network from prying eyes, while still allowing anyone on the private network to freely connect to the Internet.

Connecting the network

Connect the FortiGate WAN1 interface to your ISP-supplied equipment.

Connect the internal network to the FortiGate internal interface (typically port 1).

Power on the ISP’s equipment, the FortiGate unit, and the PCs on the Internal network.

Configuring the FortiGate unit’s interfaces

From a PC on the Internal network, connect to the FortiGate web-based manager using either FortiExplorer or an Internet browser.

You can configure the PC to get its IP address using DHCP and then browse to https://192.168.1.99. You could also give the PC a static IP address on the 192.168.1.0/255.255.255.0 subnet.

Log in using admin and no password.

Go to System > Network > Interface and edit the wan1 interface.

Set the Addressing Mode to Manual and the IP/Netmask to your public IP.

[Diagram: ISP, FortiGate, Internal Network]

Edit the internal interface.

Set the Addressing Mode to Manual and set the IP/Netmask to the private IP of the FortiGate unit.

Go to Router > Static > Static Routes and select Create New to add a default route.

Set the Destination IP/Mask to 0.0.0.0/0.0.0.0, set the Device to wan1, and set the Gateway to the gateway (or default route) provided by your ISP or to the next hop router, depending on your network requirements.

A default route always has a Destination IP/Mask of 0.0.0.0/0.0.0.0. Normally, you would have only one default route. If the static route list already contains a default route, you can edit it or delete it and add a new one.

The FortiGate unit’s DNS Settings are set to Use FortiGuard Services by default, which is sufficient for most networks. However, if you require the DNS servers to be changed, go to System > Network > DNS and add Primary and Secondary DNS servers.

Creating a policy to enable NAT/Route mode

Go to Policy > Policy > Policy and select Create New to add a security policy that allows users on the private network to access the Internet.

Select Enable NAT and Use Destination Interface Address and click OK.

Some FortiGate models include this security policy in the default configuration. If you have one of these models, this step has already been done for you and as soon as your FortiGate unit is connected and the computers on your internal network are configured, they should be able to access the Internet.

Results

On the PC that you used to connect to the FortiGate internal interface, open a web browser and browse to any Internet website. You should also be able to connect to the Internet using FTP or any other protocol or connection method.

Go to Policy > Monitor > Policy Monitor to view information about the sessions being processed by the FortiGate unit.