Deployment Scenarios for Various WAN Types

Deployment Scenarios for Various WAN Types

This Section provides various network scenarios for the different WAN types and explains how FortiWAN can easily be integrated into any existing networks.

WAN Type: Bridge Mode with a Single Static IP

Single Static IP is a common and simple WAN network scenario, where the ISP provides a single public static (fixed) IP for the WAN link. Note: ISP often provides ATU-R, sometimes known as ADSL Modems with bridge model.

In this example it is assumed that WAN port 1 is connected to the bridge-mode ATU-R.

Please refer to the ATU-R User manual provided by your ISP to connect the ATU-R to FortiWAN’s WAN #1. Connect LAN to FortiWAN’s LAN port via a switch or hub. In this example, FortiWAN’s Port2 is treated as LAN port. Please map FortiWAN’s LAN port to the Port2 in [System] → [Network Setting] → [VLAN and Port Mapping]. Note: FortiWAN is treated as a normal PC when connecting to other networking equipments.

WAN configuration:

  1. Enter FortiWAN’s Web-based UI.
  2. Go to [System] → [Network Setting] → [WAN Settings].
  3. In the WAN LINK scroll menu, select “1”, and choose “Enable” in the Basic Settings.
  4. In the WAN type scroll menu, select [Bridge Mode: One static IP].
  5. Select [Port 1] in the WAN Port field.
  6. Enter the up/down stream bandwidth associated with this WAN link. Example: If the ADSL Line on WAN1 is 512/64, then enter [64] and [512] in the Up Stream and Down Stream fields respectively. Note: The up/down stream values entered will ONLY affect the BM and statistics reporting. Bandwidth will not increase if the values are greater than the actual bandwidth.
  7. Enter [211.100.3.35] in the Localhost IP field.
  8. Enter [255.255.255.0] in the Netmask field.
  9. Enter [211.100.3.254] in the Default Gateway IP field.
  10. Apply the bridge mode configuration.
  11. If the configuration above has been correctly established, in the [System] →[Summary] page, the status color on the WAN Link State for WAN Link #1 will turn green.

LAN configuration:

  1. Go to [System] → [Network Setting] → [LAN Private Subnet].
  2. Enter [192.168.1.254] in the IP(s) on Localhost field.
  3. Enter [255.255.255.0] in the Netmask field.
  4. Select [Port2] in the LAN Port field.
  5. Check NAT Subnet for VS.
  6. Configuration complete.

Virtual Server Configuration:

Assume an SMTP server with IP 192.168.1.1 provides SMTP services to the outside via the virtual server. FortiWAN will perform NAT on this machine so that the outside clients can get SMTP services via FortiWAN’s public IP on WAN1. The settings for this are in [Service] → [Virtual Server].

  1. Click [+] to create a new rule.
  2. Check [E] to enable this rule.
  3. Select [All-Time] in the “When” field.
  4. Enter [211.100.3.35] in the WAN IP field.
  5. Select [SMTP(25)] in the Service field.
  6. Select [Round-Robin] in the Algorithm field.
  7. Click [+] to create a new server in Server Pool.
  8. Enter [192.168.1.1] in the Server IP field.
  9. Select [SMTP(25)] in the Service field.
  10. Enter [1] in the Weight field.
  11. Selection of the L field is optional. (If an Administrator wishes to log Virtual Server activities, please select “L”).
  12. Configuration complete.

Administrators can set up different types of services inside the LAN and use the Virtual Server to make these services available to public once the configurations are completed.

This entry was posted in Administration Guides, FortiWAN on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.