Here, port1 on the firewall is connected to the home router, whose IP address is 192.168.8.1/24. We will assign the IP address 192.168.8.10/24 to port1. By default, port1 is configured to receive an IP address via DHCP, so we first switch it to static mode. The set allowaccess line lists the protocols the firewall itself answers on port1: HTTPS, HTTP, SSH and ping.
FortiGate-VM64-KVM # config system interface
FortiGate-VM64-KVM (interface) # edit port1
FortiGate-VM64-KVM (port1) # set mode static
FortiGate-VM64-KVM (port1) # set ip 192.168.8.10/24
FortiGate-VM64-KVM (port1) # set allowaccess https http ssh ping
FortiGate-VM64-KVM (port1) # show
config system interface
edit "port1"
set vdom "root"
set ip 192.168.8.10 255.255.255.0
set allowaccess ping https ssh http
set type physical
set snmp-index 1
next
end
FortiGate-VM64-KVM (port1) # end
Let's check the IP address and confirm connectivity between the firewall and the home router.
FortiGate-VM64-KVM # diagnose ip address list
IP=192.168.8.10->192.168.8.10/255.255.255.0 index=3 devname=port1
FortiGate-VM64-KVM # execute ping 192.168.8.1
PING 192.168.8.1 (192.168.8.1): 56 data bytes
64 bytes from 192.168.8.1: icmp_seq=0 ttl=64 time=90.6 ms
64 bytes from 192.168.8.1: icmp_seq=1 ttl=64 time=4.3 ms
However, this configuration is not enough for the firewall to communicate with the internet, because no default route is configured. Let's configure a default route with the home router as the gateway.
FortiGate-VM64-KVM # get router info routing-table static
No route available
FortiGate-VM64-KVM # config router static
FortiGate-VM64-KVM (static) # edit 1
FortiGate-VM64-KVM (1) # set dst 0.0.0.0/0
FortiGate-VM64-KVM (1) # set gateway 192.168.8.1
FortiGate-VM64-KVM (1) # set device port1
FortiGate-VM64-KVM (1) # show
config router static
edit 1
set gateway 192.168.8.1
set device "port1"
next
end
FortiGate-VM64-KVM (1) # end
FortiGate-VM64-KVM # get router info routing-table static
Routing table for VRF=0
S* 0.0.0.0/0 [10/0] via 192.168.8.1, port1, [1/0]
Let's ping to confirm that the firewall can now access the internet.
FortiGate-VM64-KVM # execute ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=56 time=65.1 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=56 time=57.7 ms
FortiGate-VM64-KVM # execute ping google.com
PING google.com (172.217.171.206): 56 data bytes
64 bytes from 172.217.171.206: icmp_seq=0 ttl=57 time=381.9 ms
64 bytes from 172.217.171.206: icmp_seq=1 ttl=57 time=388.6 ms
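To review the result of both steps offline, the added example below (not part of the original post and not Fortinet code) parses FortiOS `show` output, lists any interface whose allowaccess includes an unencrypted management protocol, and reports whether a default static route exists. `SAMPLE` is constructed from the two `show` outputs above, trimmed; the names `parse_config`, `audit`, `CLEARTEXT` and `ANY_DST` are hypothetical.

```python
import re

# Constructed sample: the two `show` outputs above, trimmed and joined.
SAMPLE = """\
config system interface
edit "port1"
set allowaccess ping https ssh http
next
end
config router static
edit 1
set gateway 192.168.8.1
next
end
"""
CLEARTEXT = {"http", "telnet"}  # unencrypted management protocols
ANY_DST = ["0.0.0.0", "0.0.0.0"]  # how `show` prints 0.0.0.0/0

def parse_config(text):
    """Parse FortiOS `show` output into {section: {entry: {key: [values]}}}."""
    tree, section, entry, depth = {}, None, None, 0
    for line in text.splitlines():
        verb, *args = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)] or [""]
        if verb == "config":
            depth += 1
            if depth == 1:  # top-level table; nested sub-tables are skipped
                section, entry = tree.setdefault(" ".join(args), {}), None
        elif verb == "end" and depth:
            depth -= 1
        elif depth != 1:
            continue  # CLI prompts, blank lines, contents of nested tables
        elif verb == "edit" and args:
            entry = section.setdefault(args[0], {})
        elif verb == "set" and entry is not None and args:
            entry[args[0]] = args[1:]
        elif verb == "next":
            entry = None
    return tree

def audit(text):
    """Return ({interface: cleartext protocols}, default_route_present)."""
    tree = parse_config(text)
    weak = {n: sorted(CLEARTEXT & set(c["allowaccess"]))
            for n, c in tree.get("system interface", {}).items()
            if CLEARTEXT & set(c.get("allowaccess", []))}
    # No `set dst` in `show` output means 0.0.0.0/0, as in the output above.
    routes = tree.get("router static", {}).values()
    has_default = any("gateway" in r and r.get("dst", ANY_DST) == ANY_DST for r in routes)
    return weak, has_default
```

Running `audit(SAMPLE)` flags `http` on port1 and confirms the default route; nested tables such as per-interface IPv6 settings are not inspected by this parser.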