Deployment Scenarios for Various WAN Types

Leave a reply

WAN Type: Routing Mode Example 1

This is a typical example where ISP provides a network segment (a class C segment for example) to the user. Under such a condition, FortiWAN use one or more IP addresses, while the rest of the public IP addresses (from the assigned segment) will be under DMZ.

Servers with public IP addresses can be deployed in two places in the network (as illustrated in the figure below). It can be deployed either between the ATU-R and FortiWAN, i.e., behind the ATU-R but in front FortiWAN or inside the FortiWAN DMZ segment.

In this example, the router is assumed to be connected to FortiWAN’s WAN port1.

Network Information from ISP:

Client side IP segment is 211.102.30.0/24, Gateway (i.e. the IP for the router) is 211.102.30.254, while the netmask is 255.255.255.0.

FortiWAN’s IP is assumed as 211.102.30.253.

Servers in between ATU-R and FortiWAN occupy the IP range between 211.102.30.70-100.102.30.99.

WAN port is on port #1.

DMZ port is on port #2.

ISP supplies the router.

Hardware Configuration:

Connect the router with FortiWAN in WAN1 by referring to router’s user manual. Note: FortiWAN is viewed as a normal PC when connected to other network equipment.

Configuration Steps:

  1. Log onto the FortiWAN Web UI.
  2. Go to [System] → [Network Settings] → [WAN Settings].
  3. Under the WAN Link menu, select “1” and select “Enable” in Basic Settings.
  4. In the WAN Type scroll menu, select [Routing Mode].
  5. Set WAN port to port #1.
  6. Enter the corresponding up/down stream bandwidth. For example, if the type of ADSL connection is 512/64K, then enter [64] and [512] in the Up Stream and Down Stream parameter fields respectively. Note: The Up and Down Stream parameters will not affect the physical bandwidth provided by the ISP. It will only affect the BM and Statistical pages.
  7. Set the IPv4 Gateway to 211.21.30.254.
  8. In the IPv4 Basic Subnet section select the Subnet Type as “Subnet in WAN and DMZ”, as follows:
    • For IP(s) on Localhost field, enter [211.102.30.253]. l For IP(s) in WAN field, enter [211.102.30.70-211.102.30.99]. l In the Netmask field, enter [255.255.255.0].
    • In the DMZ Port field, enter [Port 2].
  9. Configuration complete.

Note: This example shows all addresses are in DMZ (211.102.30.1-211.102.30.69, 211.102.30.100211.102.30.252), except those specified in the “IP(s) in WAN” .

Pages: 1 2 3 4
This entry was posted in Administration Guides, FortiWAN on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.