How to set up your FortiWAN Configuring Network Interface (Network Setting)
WAN Setting : WAN Settings is the major part to deploy FortiWAN in various types of WAN
links. Here are some information helping you on the configurations of WAN
Setting (See "Configuring your WAN").
WAN/DMZ Private Subnet :
This feature includes several configuration settings of WAN/DMZ port that
has private subnets (See "WAN/DMZ Private Subnet").
LAN Private Subnet :
This feature includes several configuration settings of LAN port that has
private subnets (See "LAN Private Subnet").
Set DNS server to FortiWAN
As an edge router, FortiWAN connects the external and internal networks to provide necessary valuable functions for
incoming and outgoing service accesses. Among the functions, domain name resolution plays an important role for
service accesses. The following is an overview about the DNS deployment on FortiWAN, according to source of the
DNS query.
For external users who want to access your domain
If you provide network services (such as HTTP, FTP or SMTP) to Internet, no matter how you deploy the servers
(deploy them in DMZ or LAN) you will need also provide the resolution of your domain name to users who want to
access your services from Internet. You may manage your domain simply by a DNS hosting or FortiWAN's
Multihoming (See "Multihoming"). Multihoming is basically a DNS server providing standard name resolution to
Internet users, moreover it provides load balancing and fail over to inbound traffic.
For internal users who want to access internal or external servers
It requires a DNS server for any user to resolve a external domain he want to access through Internet. Usually, this
DNS server could be a ISP's DNS server or any registered public DNS server. An user can configure the setting of DNS
server on its own computer manually or automatically be allocated by DHCP. This DNS server is also necessary to
FortiWAN itself for some operations. Several FortiWAN's functions, such as sending logs and notifications, ping and
traceroute commands, require DNS resolution if the target is a FQDN (fully qualified domain name). Through Web UI
System > Network Setting > DNS Server, you can manually set the DNS server to FortiWAN. FortiWAN's DHCP
(also SLAAC and DHCPv6, see "Automatic addressing within a basic subnet") allocate the DNS servers set here to
users in LAN or DMZ subnet if the users' computers are set to automatically get DNS by DHCP.
On the other hand, if you want to maintain an internal DNS server in your site, FortiWAN provides Internal DNS (see
"Internal DNS") for managing your domain to internal users (the users in LAN or DMZ subnet). An user in LAN or DMZ
subnet need to manually configure the DNS server on his computer for using the FortiWAN's Internal DNS (set DNS
server as IP address of the gateway he connects to). It is unable to automatically allocate FortiWAN's internal DNS to
users by FortiWAN's DHCP. The Internal DNS is recursive, which allows users to resolve other people's domains
(external domains). The DNS servers set here (System > Network Setting > DNS Server) will be asked by Internal DNS
while it recursively resolve an unknown domain. Of cause that you can also set up a standalone internal DNS server to
manage your domain for internal users, but this is the category of FortiWAN.
The last feature about DNS that FortiWAN provides is DNS Proxy, which is a mechanism to redirect outgoing DNS
queries to other DNS servers according to WAN links loading. This is not the well-known DNS proxy, but is a solution
for ISP peering issue (See "DNS Proxy" and "Optimum Route Detect").
48 FortiWAN Handbook
Fortinet Technologies Inc.
To Next Page
Loading...
