Installing a FortiGate in NAT mode

Installing FortiGate in NAT mode in just a few steps.

Connecting network devices

Fortigate NAT1 Mode
Installing a FortiGate in NAT 5 mode

First, in this example you connect and configure a new FortiGate in NAT mode, in order to securely connect a private network to the Internet.

In NAT mode, you install as a gateway or router between two networks. Typically, you configure the Firewall between a private network and the Internet, as it allows FortiGate to hide the IP addresses of the private network using NAT.

Consequently, NAT mode is the most used operational mode in implementations.

Configuring Interfaces on the FortiGate Firewall

  1. At first, to edit the Internet-facing interface (in the example, wan1), go to Network> Interfaces.
  2. Second, define the estimated bandwidth for the interface based on your Internet connection.
  3. Also, set the function to WAN.
Fortigate1 interface
Configuration Tele
//forti1.com/por-que-voce-precisa-da-seguranca-do-endpoint/
  1. First of all, to determine which addressing mode to use, check if your ISP provides an IP address for you to use or if your ISP equipment uses DHCP to assign IP addresses.
    1. Whereas if your ISP provides an IP address, set the addressing mode to Manual and set the net / IP mask to that IP address.
    2. On the other hand, if your ISP device uses DHCP, set the Addressing mode to DHCP to allow the device to assign an IP address to WAN1.
  2. Edit the lan interface, which is called internal on some FortiGate models.
  3. Set the function to LAN.
  4. Set the Addressing mode to Manual and set the netmask / IP to the private IP address you want to use for FortiGate.
  5. Still, if you need to assign IP addresses to devices on your internal network, enable DHCP Server.
DHCP FortiGate 11
Firewall Interface Screen

Adding a default route in FortiGate Firewall

  1. To create a new default route, go to Network> Static routes. Typically, you have only one default route. If the list of static routes already contains a default route, you can edit it or delete the route and add a new one.
  2. Set Destination to Subnet and leave the destination IP address set to 0.0.0.0/0.0.0.0.
  3. Set Gateway to the IP address provided by your ISP and Interface for the Internet interface.
DEFAULT ROUTE FORTIGATE1
Added Routes
//forti1.com/melhores-praticas-fortigate-1/
EN
Scroll to Top