Fortinet Firewall Configuration Guide

Please Note: 

  • All testing was done on a Fortinet FortiGate 60E firewall running FortiOS 5.4.1.

Part One: Configuring Interfaces

  1. Power on the RocketFailover device, and make sure the Ethernet cable is connected to the wan2 port on the firewall.

  2. To configure the RocketFailover connection on the wan2 port, double-click the wan2 interface on the Network -> Interfaces screen.

  3. Set the Address Mode to Manual, which will copy the IP settings over. Enable any services needed for remote access over the RocketFailover connection in case of a failover.

Part Two: Configuring Routing

  1. Edit the default static route for wan1. Under Advanced Options, make sure you set the priority to 0.

  2. Create a new default static route for wan2. Under Advanced Options, make sure you set the priority to 10.

  3. Add a new WAN Status Check item. This periodically checks your primary internet connection to ensure it is online, and triggers the failover if the primary connection fails. You will need to configure this from the CLI as follows, replacing x.x.x.x with the gateway IP address of your wan1 connection:

    config system link-monitor
        edit Wan1Test
            set srcintf wan1
            set server 208.67.222.222
            set protocol ping
            set gateway-ip x.x.x.x
            set source-ip 0.0.0.0
            set interval 5000
            set failtime 3
            set recoverytime 3
            set ha-priority 1
            set update-cascade-interface enable
            set update-static-route enable
            set status enable
        next
    end

  4. If your firewall is using standard routing, use a static route to configure ConnectionValidation for iStatus.

  5. Click Create New on the Network -> Routing page to create a new Static Route, and make sure you use the Gateway IP address of the RocketFailover device.

  6. If your firewall is using advanced routing, you can use either a static route (as described above) or a policy route to configure ConnectionValidation for iStatus. To use a policy route, click Create New on the Network -> Policy Routes page to create a new Policy Route.

  7. Configure the Policy Route. Set the source address/mask to the local LAN network where the iStatus device is plugged in, and set the Gateway address to the default gateway of the RocketFailover device.

  8. Verify that your Policy Rules are in place to allow traffic to flow out the new RocketFailover wan2 interface on the firewall. For example, a new firewall is created with a default internal to wan1 rule; duplicate that rule for internal to wan2.
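The following Python script is an added example, not part of the original guide or of Fortinet's tooling. It reads a FortiOS configuration backup and checks the settings from Parts One and Two: the wan1 default route has a lower priority value than wan2, a link-monitor on wan1 updates the static route, and the services enabled on wan2 do not include cleartext management (http, telnet). The sample backup is constructed, and the defaults applied to keys a backup omits are assumptions.

```python
import re

# Constructed sample backup. Assumed defaults for omitted keys: priority 0, update-static-route enable, dst 0.0.0.0/0.
SAMPLE = """config system interface
    edit "wan2"
        set allowaccess ping https http
    next
end
config router static
    edit 1
        set device "wan1"
    next
    edit 2
        set device "wan2"
        set priority 10
    next
end
config system link-monitor
    edit "Wan1Test"
        set srcintf "wan1"
    next
end
"""

def parse(text):
    """Collect top-level config/edit/set lines as {section: {entry: {key: [values]}}}."""
    cfg, stack, entry = {}, [], None
    for line in text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)] or [""]
        if tok[0] == "config":  # a new top-level block clears the current entry
            stack, entry = stack + [" ".join(tok[1:])], entry if stack else None
        elif tok[0] == "end" and stack:
            stack.pop()
        elif tok[0] == "edit" and len(stack) == 1:
            entry = cfg.setdefault(stack[0], {}).setdefault(tok[1], {})
        elif tok[0] == "set" and len(stack) == 1 and entry is not None:
            entry[tok[1]] = tok[2:]  # settings inside nested config blocks are skipped
    return cfg

def audit(text):
    cfg, out = parse(text), []
    prio = {r["device"][0]: int(r.get("priority", ["0"])[0])
            for r in cfg.get("router static", {}).values() if "device" in r and "dst" not in r}
    if not ("wan1" in prio and "wan2" in prio and prio["wan1"] < prio["wan2"]):
        out.append("default routes: wan1 priority value must be lower than wan2")
    if not any(m.get("srcintf") == ["wan1"] and m.get("update-static-route", ["enable"]) == ["enable"]
               for m in cfg.get("system link-monitor", {}).values()):
        out.append("link-monitor: none on wan1 with update-static-route enabled")
    access = cfg.get("system interface", {}).get("wan2", {}).get("allowaccess", [])
    return out + [f"wan2 allowaccess: cleartext service {s}" for s in ("http", "telnet") if s in access]
```

Calling audit() on the text of a backup returns a list of findings; an empty list means all three checks passed.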
