No access to LAN from external WIFI Mesh
I have a FG 60 E. I recently bought a WIFI Mesh system consisting of three nodes. I would like to configure it so that it can gain internet access through wan1 (where my internet connection is on the FG), but no access to the rest of the internal network (a sort of a guest network).
I am pretty bad at understanding default gateways and subnet masks and so on, so I would like some help.
The FortiGate has IP 192.168.50.1. The main Mesh node is connected to a LAN port on the FortiGate and has IP 192.168.1.1. I assume I have to set up a subnet of some sort on the FG (for instance: 192.168.1.0/24) and then configure the Mesh to use that subnet with a correct gateway and subnet mask? My guess is that I then have to add a rule that only accepts outgoing traffic to wan1 from that subnet? Also not sure if I have to add some sort of static route?
Also, since the Mesh has built-in NAT (which you cannot disable), I guess that I somehow have to disable NAT for that subnet on the FG, so that I don't get double NAT when connected to the Mesh WIFI.
I hope I'm making sense. Could someone please help me to get this going? Not sure if my approach above is the correct way to go.
Thank you in advance.