goldfield
New Contributor

MPLS Fortigate 60e

Hi,

 

Sorry, I am quite new to FortiGates. We have just had two sites set up with leased lines with MPLS.

The leased lines are both terminated by the ISP's Cisco routers.

We have been given the following info regarding the VLANs. Looking through the FortiGate and the interface settings for VLANs, I cannot see where to put in the gateway for them?


Site A

VLAN 1: Subnet: 80.209.145.104/29 GW: 80.209.145.105 Mask: 255.255.255.248

Subnet: 192.168.100.0/29 GW: 192.168.100.1 Mask: 255.255.255.248

VLAN 10: Subnet: 188.240.177.208/29 GW: 188.240.177.209 Mask: 255.255.255.248

10.0.0.0/24 routed towards 192.168.100.4

Site B

VLAN 1: Subnet: 80.209.152.176/29 GW: 80.209.152.177 Mask: 255.255.255.248

Subnet: 192.168.100.8/29 GW: 192.168.100.9 Mask: 255.255.255.248

VLAN 10: Subnet: 46.102.218.48/29 GW: 46.102.218.49 Mask: 255.255.255.248

10.10.10.0/24 routed towards 192.168.100.12


Has anybody got any basic instructions or guides on how to get this MPLS up and running please, as trying to find any relevant info on the web on how to configure the Forti correctly has returned no information. Fortigate seem to be pushing the SD-WAN idea more.

 

Kindest regards

 

Toshi_Esumi
Esteemed Contributor III

Are these VLANs 1 and 10 trunked at the MPLS provider's Cisco LAN side port? Or is only VLAN 10 on the port and VLAN 1 is for the FGT's LAN side use?

Another question: does this circuit come with Internet service, or is it strictly for site-to-site MPLS and you have another Internet circuit at each location?

goldfield

Hi, yes, the VLANs are trunked at the provider's end.

Yes, the service comes with internet.

As you can see, the instructions above are vague.

My thoughts were to add the VLANs under the WAN connector, and then add a static route from the internal network to the internal IP of the MPLS...

Does this sound about right or will I be missing something... the ISP are no use unless you use a Cisco.

 

Cheers

 

 

bmorris
New Contributor III

Hi Goldfield,

 

You can create a new VLAN interface on the GUI by going to:

 

Network > Create New > Interface

 

Then select:

Type: VLAN

Interface: WAN


Hope this helps.

Toshi_Esumi
Esteemed Contributor III

If all the instructions came from your provider, I would assume those two /29 public subnets on both VLANs are for internet routing and the 192.168.100.x/29s are for the site-to-site MPLS connection. But I would be asking more questions of your provider (tech support) to clarify. Because this means you need to NAT locally before hitting those public subnets' GWs, but no local NAT for the private-to-private routing.

Also I'll verify if they mean VLAN 1 is tagged or untagged. My guess is untagged.

VLAN creation on the WAN interface itself is the easiest part, as bmorris described for the GUI. Or you can use the CLI.
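
An added example, not part of the original thread: a Python check of the provider's addressing as posted in the question. It validates each /29 and its gateway, marks the public subnets as the ones needing local source NAT, and finds the private /29 that contains the "routed towards" next hop. It assumes that next hop is the address the provider expects on the customer firewall; confirm this with the provider.

```python
import ipaddress

# Values copied from the question; the dictionary layout is constructed here.
PLAN = {
    "Site A": {
        "subnets": [("VLAN 1", "80.209.145.104/29", "80.209.145.105"),
                    ("VLAN 1", "192.168.100.0/29", "192.168.100.1"),
                    ("VLAN 10", "188.240.177.208/29", "188.240.177.209")],
        "lan": "10.0.0.0/24", "next_hop": "192.168.100.4"},
    "Site B": {
        "subnets": [("VLAN 1", "80.209.152.176/29", "80.209.152.177"),
                    ("VLAN 1", "192.168.100.8/29", "192.168.100.9"),
                    ("VLAN 10", "46.102.218.48/29", "46.102.218.49")],
        "lan": "10.10.10.0/24", "next_hop": "192.168.100.12"},
}

def analyse(site):
    """Return (rows, transit_row, next_hop) or raise ValueError on a bad plan."""
    rows = []
    for vlan, cidr, gw in site["subnets"]:
        net = ipaddress.ip_network(cidr)   # strict: rejects a misaligned /29
        gw_ip = ipaddress.ip_address(gw)
        hosts = list(net.hosts())
        if gw_ip not in hosts:
            raise ValueError(f"gateway {gw} is not a usable host in {cidr}")
        rows.append({
            "vlan": vlan, "net": net, "gw": gw_ip,
            # Public range: internet-bound traffic must be source-NATed.
            # RFC 1918 range: site-to-site traffic is routed without NAT.
            "nat": not net.is_private,
            "free": [h for h in hosts if h != gw_ip],
        })
    hop = ipaddress.ip_address(site["next_hop"])
    lan = ipaddress.ip_network(site["lan"])
    transit = [r for r in rows if hop in r["free"]]
    if len(transit) != 1 or transit[0]["nat"] or hop in lan:
        raise ValueError(f"next hop {hop} does not fit one private transit /29")
    return rows, transit[0], hop

if __name__ == "__main__":
    for name, site in PLAN.items():
        rows, transit, hop = analyse(site)
        print(name)
        for r in rows:
            mode = "internet, NAT" if r["nat"] else "MPLS, no NAT"
            print(f"  {r['vlan']:8} {str(r['net']):20} gw {r['gw']}  ({mode})")
        print(f"  firewall address on {transit['net']}: {hop}, "
              f"static route for the remote LAN via {transit['gw']}")
```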
