Fortigate 100D: configuring DMZ | Fortinet Technical Discussion Forums

Join us now!

Username
Password
Verification
	Stay logged in

Forgot Your Password? Forgot your Username? Haven't received registration validation E-mail?

User Control Panel Log out

Forums
Posts

Latest Posts

Active Posts

Recently Visited

Search Results

View More
Blog

Recent Blog Posts

View More
Photos

Recent Photos

My Favorites

View More Photo Galleries
PMs

Unread PMs

Inbox

Send New PM View More
Page Extras
Menu
- Forum Themes
- Member List
- Online User List
- User Groups

Videos, Docs Library, KB

Mark Thread UnreadFlat Reading Mode ❐

Hot!Fortigate 100D: configuring DMZ

Author Post Essentials Only Full Version
erotavlas New Member Total Posts : 5 Scores: 0 Reward points: 0 Joined: 2019/06/19 13:20:05 Status: offline 2019/06/20 02:16:57 (permalink) 0 Fortigate 100D: configuring DMZ Hi, I'm new of this forum and of fortinet device. I have to install a Web server on GNU/linux zentyal 6 in a network managed by a fortinet fortigate 100D v6.0.5 build0268 firewall with DNS and active directory provided by Windows server 2016 machines. I followed this guide https://cookbook.fortinet...eb-server-with-dmz-54/ about how to setup a DMZ for the Web server. The only thing that is different in my configuration compared to the guide is that I'm using a DMZ port on the firewall instead of port3 as interface. So I have LAN on 10.0.0.0/16 network, DMZ on 10.10.10.0/24 networks (Web server with fixed internal IP 10.10.10.2/24, gateway 10.10.10.1 and DMZ with fixed external IP) and fortinet on 10.10.10.1 (DNS and active directory on LAN). At the moment, I can execute ping from firewall toward Web server and the opposite. While I'm not able to reach the Web server both from internal LAN and external network. Moreover, I cannot reach Internet from my Web server (I have to investigate if it could be a DNS problem). What am I missing? Thank you post edited by erotavlas - 2019/06/21 00:08:00 #1 FortiGate 7 Replies Related Threads
hubertzw Gold Member Total Posts : 193 Scores: 5 Reward points: 0 Joined: 2018/04/16 13:29:04 Status: offline Re: Fortigate 100D: configuring DMZ 2019/06/20 02:48:18 (permalink) 0 Do you have firewall policies for LAN-DMZ? You need this for DNS for example. Do you have ICMP in the policy INTERNET-DMZ or only HTTP, HTTPS? Don't leave ICMP in the production. Limit the number of protocols to minimum. #2
julienlux New Member Total Posts : 13 Scores: 5 Reward points: 0 Joined: 2014/01/22 07:42:13 Status: offline Re: Fortigate 100D: configuring DMZ 2019/06/20 06:41:07 (permalink) 0 On your post you mentionned that Webserver ip is 10.10.10.2 and Gateway 10.10.10.2. Do I understand correctly? What is the IP of DMZ port of your Fortigate? This ip should be the default gateway of your server. #3
erotavlas New Member Total Posts : 5 Scores: 0 Reward points: 0 Joined: 2019/06/19 13:20:05 Status: offline Re: Fortigate 100D: configuring DMZ 2019/06/21 00:10:44 (permalink) 0 julien.lacava On your post you mentionned that Webserver ip is 10.10.10.2 and Gateway 10.10.10.2. Do I understand correctly? Thank you, I corrected my post. The gateway of the Web server is 10.10.10.1. julien.lacava What is the IP of DMZ port of your Fortigate? This ip should be the default gateway of your server. How can I check it? I assigned a subnet 10.10.10.0/24 to the DMZ interface and so I think it should be 10.10.10.1. #4
erotavlas New Member Total Posts : 5 Scores: 0 Reward points: 0 Joined: 2019/06/19 13:20:05 Status: offline Re: Fortigate 100D: configuring DMZ 2019/06/21 00:18:22 (permalink) 0 I followed exactly the guide reported on the link. So you are right in order to obtain a DNS via DHCP I need a link between DMZ and my LAN where is the DHCP server. However, I prefer to setup a manual DNS on the Web server in order to maintain the DMZ and LAN isolated. At the moment I enabled ICMP for testing functionality. What is missing on fortigate side? Do you think that it is ok and I have to change something into the Web server? Thank you #5
julienlux New Member Total Posts : 13 Scores: 5 Reward points: 0 Joined: 2014/01/22 07:42:13 Status: offline Re: Fortigate 100D: configuring DMZ 2019/06/21 03:37:37 (permalink) 0 Can you post a copy of your configuration and also tell me what is working and what is not? #6
erotavlas New Member Total Posts : 5 Scores: 0 Reward points: 0 Joined: 2019/06/19 13:20:05 Status: offline Re: Fortigate 100D: configuring DMZ 2019/06/22 23:05:11 (permalink) 0 julien.lacava Can you post a copy of your configuration and also tell me what is working and what is not? Hi, it is working all except the DMZ. I have to install a Web server that works if I leave out of firewall, while it does not work inside DMZ created by fortinet as described before. Do you need the configuration file of the fortinet? Can I post it here? #7
hubertzw Gold Member Total Posts : 193 Scores: 5 Reward points: 0 Joined: 2018/04/16 13:29:04 Status: offline Re: Fortigate 100D: configuring DMZ 2019/06/23 02:17:25 (permalink) 0 erotavlas The gateway of the Web server is 10.10.10.1. How can I check it? I assigned a subnet 10.10.10.0/24 to the DMZ interface and so I think it should be 10.10.10.1. Can you confirm you set 10.10.10.1/24 IP on the DMZ interface? -> 'show system interface' Do you have policy for traffic between LAN<->DMZ? When you post your config remove public IP. #8

Jump to:

© 2019 APG vNext Commercial Version 5.5