Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
SCSIraidGURU
Contributor

Adding WOWWAY.COM internet to my Fortinet 60E

We moved and can only get AT&T fiber 25 Mbps from a Gigabit fiber.  I called Wowway.com.   They had 2 devices on their list

 

Arris Surfboard CM8200 Netgear CM1000

I need to be able to connect them to my WAN port of the 60E.   AT&T gave me a BWG-210-700 with IP passthrough.  How do I connect the WOWWay.com devices to it?  

 

 

 

14 REPLIES 14
rwpatterson
Valued Contributor III

This post is way confusing. What is your end goal? To use the Fortigate AND their device at the same time? If so, how many IP addresses do you have? Create a VIP on the Fortigate at the edge and point that IP to the "WOWWAY" device if you have more than one.

 

If the issue is the speed you're getting (25/1000), then check the interface statistics to see if you are both speaking the same language. For example:

Fortigate# diagnose hardware deviceinfo nic wan1 Driver_Name            iegbe Driver_Version            0.8.0-NAPI PCI_Vendor            0x8086 PCI_Device_ID            0x5048 PCI_Subsystem_Vendor        0x0000 PCI_Subsystem_ID        0x0000 PCI_Address            5:2.0 PCI_Bus_Type            PCI Bus #05 PHY_Type            3 MAC_Type            8 IRQ                0 System_Device_Name        wan1 Current_HWaddr            00:00:00:00:00:00 Permanent_HWaddr        00:00:00:00:00:00   Link                up Speed                1000 Duplex                full State                up(0x1203) MTU_Size            1500   Rx_Packets            102732998 Tx_Packets            69980718 Rx_Bytes            3639565169 Tx_Bytes            2734868041 Rx_Errors            0 Tx_Errors            0 Rx_Dropped            0 Tx_Dropped            0 Multicast            15523706 Collisions            0   Rx_Length_Errors        0 Rx_Over_Errors        0 Rx_CRC_Errors            0 Rx_Frame_Errors            0 Rx_FIFO_Errors            0 Rx_Missed_Errors        0 Tx_Aborted_Errors        0 Tx_Carrier_Errors        0 Tx_FIFO_Errors            0 Tx_Heartbeat_Errors            0 Tx_Window_Errors        0     Fortigate# 

 

This should be similar to what you should be looking at. Note that the speed and duplex settings are usually 1000/full for a gigabit connection, not auto/auto.

 

Hope that helped.

 

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
SCSIraidGURU

Wowway.com has a 1000 down / 50 up internet at my new house.  Those are the devices they offer for it. 

 

In order for the 60E to use DHCP to get the WAN2 information, the device needs IP Passthrough on it or I need a way of setting the WAN information on WAN2 of the 60E.  Those two devices CM8200 and CM1000 are what they connect their WAN cable to in order to pass LAN back.  IP Passthrough using DHCP Fixed to the MAC address of WAN2 on the fortinet 60E is how this is accomplished.  It turns the router/modem into a passthrough device.  WOWWay can't tell me if it can do it or how to connect it to the 60E.

rwpatterson
Valued Contributor III

It appears that their device is just put into bridge mode where it simply changes the device type and passes traffic. If that is the case, then plug the 40Gate into their handoff and have at it.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
SCSIraidGURU

I have never seen them called 40Gate.  I like it.

 

In the past, I had problems getting bridge mode on devices to work passing information to the router.  It was always missing information like DNS.   I do have DNS setup on the 60E.   What would be the issues doing in bridge mode instead of a pure IP Passthrough?

 

rwpatterson
Valued Contributor III

Is the ISP handoff RJ-45? If so, just skip their device. My opinion. Verizon techs told me I needed their edge device (ActionTec router). I told them I didn't and I installed the Fortigate right onto the ONT. Not sure if WOWWay is the same. Their device is needed for the channel guides. I purchased another device online that replaced the need for their router. That ActionTec is still in the box.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
SCSIraidGURU

I believe WOWWay is still coax to the device.  I talked to Fortinet support today.  They said stick their modem in bridge mode and disable everything else.  It will pass WAN information to the 60E WAN2 port.

Kenundrum

So pretty much just do what Bob said the first time :)

I did something similar in the past with a verizon fios router before i eventually was able to switch to an ethernet handoff (again similar to what bob said). So here's another voice reinforcing that for cable modems, your best bet is to put the device into bridge mode.

Some things to note- if your device is currently in NAT/route/whatever they call it mode, you will likely need to perform a DHCP release (if possible) on the internet interface from the device before you switch. Many providers only allow 1 IP per customer site, so you will not get a new address on the fortinet until your previous DHCP lease expires or you call support and they do it for you. One annoyance is that there is no good way to do this from a fortigate, so if you need to swap equipment later on- you'll either need to be very patient or be ready to call support to manually release the ip from their end.

Also apparently some of the gateways/modems have firewalls onboard that may still be active when in bridge mode- so double check that it's disabled.

CISSP, NSE4

 

CISSP, NSE4
rwpatterson
Valued Contributor III

A quick tip to what Kenundrum said. Clone the MAC address of the Internet facing device onto the WAN port of the Fortigate. It will appear as the same device to the DHCP server and you'll be good to go.

 

(My Fortigate looks like a D-Link to the outside world...)

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
SCSIraidGURU

I appreciate everyone's help.  The 60E is at my house not in my data center.   At home, My 60E is just 8 interfaces each with DHCP on the 60E.  I don't even do VLANs at home.  First 5 interfaces are to my Cisco Virtual Lab.   DMZ, Internal6 and Internal7 split my house up.   I found three possible devices, two they recommeneded Surfboard SB8200 and Netgear CM1000 and an Arris DG3450 gateway.  So far I can't find anything on setting the bridge mode for SB8200 or CM1000.   These appear to be modems only.  I will be setting up SD-WAN and upgrading to 6.0 on my 60E.  I was considering using spillover rules.  I will move AT&T 25/25 to WAN2 and putting WOWWAY 1000/50 on WAN1.  Both my wife and I VPN to our offices from home.  She works from home 5 days a week and is in VPNs all day doing web programming.  I need to setup failover rules for the VPN traffic outbound. 

Labels
Top Kudoed Authors