Hi friends,
We recently connected an MX 250, and my ISP assigned me a number of public addresses.
80.178.158.128/28
We use 2 P2P addresses
MX 80.178.158.130
ISP 80.178.158.129
Within our office there is another company that is connected through our line, and they want to connect a FORTI FW with a public address for establishing SITE TO SITE with another FORTI FW.
I configured a 1:1 NAT for them with one of my addresses
80.178.158.140.
But there is a problem: they still go out with my PUBLIC address. Does anyone have an idea how to solve the problem?
Thanks
Hi,
The topology is quite simple, MX is connected to an ISP
MX 80.178.158.130/28
ISP 80.178.158.129/28
6 switches connected for users with 5 VLANs.
One of the firm's clients wants to connect FORTI FW to our network with a public ip address. I assigned him an address 80.178.158.140
And I did NAT 1:1 between
80.178.158.140
10.10.10.9
Now my problem is that the forti goes out through my public address
80.178.158.130
And not through the ip address I assigned him
80.178.158.140
Thanks
It will not work as expected: the NAT on the MX is inbound only, and the outbound will still use the MX's WAN IP.
It would be easier to connect the carrier link to the Switch and configure the switch port to access a different VLAN and then configure the right public IP on the Fortigate.
1:1 NAT usually works for outbound as well. It should be using the 1:1 IP address for the outbound traffic as well.
The connection to the ISP - is there a spare port on the ISP device so they could plug their firewall in directly?
I partly agree with his statement, but the way he wants to use it (I believe it is as a Gateway for a specific network) it won't work.