Connecting a private network to the Internet using NAT/Route mode

In this example, you will learn how to connect and configure a new FortiGate unit
to securely connect a private network to the Internet. Typically, a FortiGate unit is
installed as a gateway or router between a private network and the Internet, where
the FortiGate operates in NAT/Route mode in order to hide the addresses of the
private network from prying eyes, while still allowing anyone on the private network
to freely connect to the Internet.
1. Connecting the network
2. Configuring the FortiGate unit’s interfaces
3. Creating a policy to enable NAT/Route mode
4. Results
[Figure: Internet, WAN 1, FortiGate in NAT/Route mode, port 1, Internal Network]
Connecting the network
Connect the FortiGate WAN1 interface to
your ISP-supplied equipment.
Connect the internal network to the FortiGate
internal interface (typically port 1).
Power on the ISP’s equipment, the FortiGate
unit, and the PCs on the Internal network.
Configuring the FortiGate unit’s interfaces
From a PC on the Internal network, connect
to the FortiGate web‑based manager using
either FortiExplorer or an Internet browser.
You can configure the PC to get its IP
address using DHCP and then browse
to https://192.168.1.99. You could also
give the PC a static IP address on the
192.168.1.0/255.255.255.0 subnet.
Log in using admin and no password.
Go to System > Network > Interface and
edit the wan1 interface.
Set the Addressing Mode to Manual and
the IP/Netmask to your public IP.
Edit the internal interface.
Set the Addressing Mode to Manual and
set the IP/Netmask to the private IP of the
FortiGate unit.
Go to Router > Static > Static Routes and
select Create New to add a default route.
Set the Destination IP/Mask to
0.0.0.0/0.0.0.0, set the Device to wan1,
and set the Gateway to the gateway (or
default route) provided by your ISP or to the
next hop router, depending on your network
requirements.
A default route always has a Destination
IP/Mask of 0.0.0.0/0.0.0.0. Normally, you
would have only one default route. If the
static route list already contains a default
route, you can edit it or delete it and add a
new one.
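The addressing steps above can be checked before they are entered. The following is an added example, not part of the original manual and not Fortinet code: it validates a wan1/internal/default-route plan written in the same IP/Netmask notation the web-based manager uses. The function names, the 203.0.113.x sample addresses and the reading of "private IP" as an RFC 1918 address are assumptions.

```python
import ipaddress

# Assumption: "private IP" on this page means an RFC 1918 address.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def _is_host(iface):
    """True if the address is usable as a host address in its subnet."""
    net = iface.network
    if net.prefixlen >= 31:          # /31 and /32 have no reserved addresses
        return True
    return iface.ip not in (net.network_address, net.broadcast_address)

def check_plan(wan1, internal, route_dst, gateway):
    """Return a list of problems in the addressing plan (empty list = OK)."""
    problems = []
    wan = ipaddress.ip_interface(wan1)
    lan = ipaddress.ip_interface(internal)
    dst = ipaddress.ip_network(route_dst, strict=False)
    gw = ipaddress.ip_address(gateway)

    for name, iface in (("wan1", wan), ("internal", lan)):
        if not _is_host(iface):
            problems.append(f"{name}: {iface.ip} is the network or broadcast address")
    if not any(lan.ip in n for n in RFC1918):
        problems.append("internal: address is not in an RFC 1918 private range")
    if wan.network.overlaps(lan.network):
        problems.append("wan1 and internal subnets overlap")
    if dst != ipaddress.ip_network("0.0.0.0/0"):
        problems.append("static route: destination is not 0.0.0.0/0.0.0.0")
    if gw not in wan.network:
        problems.append("static route: gateway is not on the wan1 subnet")
    elif gw == wan.ip:
        problems.append("static route: gateway is the wan1 address itself")
    return problems

# Constructed sample values; 203.0.113.0/24 is a documentation range.
GOOD = check_plan("203.0.113.10/255.255.255.0", "192.168.1.99/255.255.255.0",
                  "0.0.0.0/0.0.0.0", "203.0.113.1")
# Common mistake: the gateway is an inside address, so wan1 cannot reach it.
BAD = check_plan("203.0.113.10/255.255.255.0", "192.168.1.99/255.255.255.0",
                 "0.0.0.0/0.0.0.0", "192.168.1.1")

if __name__ == "__main__":
    print("good plan:", GOOD or "no problems")
    print("bad plan:", BAD)
```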
The FortiGate unit’s DNS Settings are set to
Use FortiGuard Services by default, which
is sufficient for most networks. However, if
you require the DNS servers to be changed,
go to System > Network > DNS and add
Primary and Secondary DNS servers.
Creating a policy to enable NAT/Route mode
Go to Policy > Policy > Policy and select
Create New to add a security policy that
allows users on the private network to
access the Internet.
Select Enable NAT and Use Destination
Interface Address and click OK.
Some FortiGate models include this
security policy in the default configuration.
If you have one of these models, this step
has already been done for you. As
soon as your FortiGate unit is connected
and the computers on your internal
network are configured, they should be
able to access the Internet.
Results
On the PC that you used to connect to the
FortiGate internal interface, open a web
browser and browse to any Internet website.
You should also be able to connect to the
Internet using FTP or any other protocol or
connection method.
Go to Policy > Monitor > Policy Monitor
to view information about the sessions being
processed by the FortiGate unit.