Out of IP's - adding another LAN but running into dns issues

Author
MeoDub
2021/07/16 09:45:22

Hi all,
 
I struggle through every step with these routers, very sorry for the noob questions but please be gentle, I don't really know what I'm doing here.
 
So we were quickly exhausting our single class C network and I decided to run another line from the Fortigate 60E (is that a VLAN or a subnet, not sure) to a new switch and give myself another 200+ addresses. Main net is 192.168.1.0, and I made the new LAN 192.168.3.0. I have the Fortigate set as the DHCP server for this new segment and so far I've fought my way through to a point where clients pull an IP and can communicate internally and externally.
 
I can ping from a 192.168.1 machine to a 192.168.3 machine, but if I try to remote in by machine name, it fails, so I have a DNS issue for sure. I have the new LAN DNS set to our DC at 1.10.
 
I'm also a little worried about security, as I basically just added policies to open everything up between the two LANs and between the wan and new LAN.
 
I'll attach a few screenshots of the current config... if anyone has any suggestions or critiques on anything I've set up here, they would be greatly appreciated. I realize it's a lot to ask, we are all very busy, but I thank you for reading.
 


 

post edited by MeoDub - 2021/07/16 11:44:20
#1
GusTech
Re: Out of IP's - adding another LAN but running into dns issues 2021/07/16 16:10:47 (Helpful by MeoDub 2021/07/27 11:06:40)
Do you split the internal network because you really want different access or do you do it just to get more addresses?
 
If the target is only more internal addresses, you can increase the internal network you already have:
 
Add a /22 network. Then you have 192.168.0.1-192.168.3.254 in the same internal network.
192.168.0.1/255.255.252.0

Fortigate <3
#2
GusTech
Re: Out of IP's - adding another LAN but running into dns issues 2021/07/16 16:14:10 (Helpful by MeoDub 2021/07/27 11:06:44)
WAN -> internal delete =)
 

Fortigate <3
#3
MeoDub
Re: Out of IP's - adding another LAN but running into dns issues 2021/07/19 11:30:37
Thanks, Gus.
 
More internal addresses is the goal, but changing the mask seemed like the more complicated route.   I don't fully understand the ramifications of that change so I thought better to leave it alone.
 
Edit:  I should also mention I have another building down the road connected via tunnel, which is on 192.168.2.0.  That factored into my avoidance of changing the mask.  I'll probably just leave it as is and fight the dns issue.
post edited by MeoDub - 2021/07/19 11:51:24
#4
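
Added example (not part of the thread or any poster's code): a Python check of the /22 suggested in #2 against the networks named in the thread, showing that any single prefix covering 192.168.1.0 and 192.168.3.0 also takes in the tunnel site's 192.168.2.0. The /24 masks and the labels are assumptions; the thread gives only the network addresses.

```python
import ipaddress

# Networks named in the thread. The /24 masks and the labels are assumed.
LOCAL = {"main LAN": "192.168.1.0/24", "new LAN": "192.168.3.0/24"}
REMOTE = {"tunnel site": "192.168.2.0/24"}


def smallest_common_supernet(cidrs):
    """Return the longest single prefix that contains every network in cidrs."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()  # widen the prefix by one bit
    return candidate


def check_plan(proposed, local=LOCAL, remote=REMOTE):
    """Classify the known networks against a proposed single LAN prefix.

    strict=False allows an interface address such as
    192.168.0.1/255.255.252.0 to be passed in as written.
    """
    lan = ipaddress.ip_network(proposed, strict=False)
    covered = [name for name, c in local.items()
               if ipaddress.ip_network(c).subnet_of(lan)]
    conflicts = [name for name, c in remote.items()
                 if ipaddress.ip_network(c).overlaps(lan)]
    return {
        "network": str(lan),
        "usable_hosts": lan.num_addresses - 2,  # minus network and broadcast
        "covers": covered,
        "conflicts": conflicts,
    }


if __name__ == "__main__":
    # Any one prefix spanning .1.0 and .3.0 must be at least this wide.
    print(smallest_common_supernet(LOCAL.values()))
    # The mask from #2: covers both LANs but overlaps the tunnel site.
    print(check_plan("192.168.0.1/255.255.252.0"))
    # The separate-subnet approach from #1 has no overlap.
    print(check_plan("192.168.3.0/24"))
```
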
sw2090
Re: Out of IP's - adding another LAN but running into dns issues 2021/07/22 05:51:17 (Helpful by MeoDub 2021/07/27 11:06:32)
Hm, maybe it's easiest to have the FGT be DNS and DHCP forwarder for 192.168.3.0 to the DC on 1.10. And then have the DHCP on the DC have a pool for both subnets, and it also has to have an IP in 192.168.3.0 itself, of course.
This DNS thingy will only work with Windows DHCP servers afaik.

-- 
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
#5