Configuring Network Interface (Network Setting) How to set up your FortiWAN
LAN Private Subnet
[LAN Private Subnet] is the second most important part for deploying FortiWAN in your network. In contrast with
configurations on WAN Settings to active the WAN link transmission from FortiWAN to Internet (external network),
LAN Private Subnet is the configuration for deploying the internal network on FortiWAN’s LAN ports. There are two
parts for setting LAN private subnet: Basic Subnet and Static Routing Subnet, which respectively are the subnets
connected directly to FortiWAN’s LAN ports and the subnets connected indirectly to FortiWAN via a router. (See
"Scenarios to deploy subnets")
Basic Subnet
Here is a simple example to demonstrate a configuration for the basic subnet in the typical LAN environment.
As the illustration, FortiWAN port3 has been mapped to LAN port via [System / Network Setting / VLAN and Port
Mapping] (See "VLAN and Port Mapping"), and is assigned with private IP 192.168.34.254. Enter this IP address in
the field [IP(s) on Localhost]. For hosts in LAN, port3 (192.168.34.254) serves as gateway as well. Enter the netmask
(255.255.255.0) for the subnet in the field [Netmask]. Select the LAN port Check the field in [Enable DHCP], to
allocate IP address (any of 192.168.34.175~192.168.34.199) dynamically via DHCP to PCs in LAN.
If any hosts in LAN require static IP addresses, then enter in [Static Mapping] the IP addresses to designate, and MAC
addresses of the PCs as well.
Check the field in [NAT Subnet for VS], which is an optional choice. When users in LAN or DMZ access the WAN IP of
virtual server, their packets may bypass FortiWAN and flow to internal server directly. This function can translate the
source IP address of the users' packets into IP address of FortiWAN, to ensure the packets flow through FortiWAN. If
no check is made, the system will determine which IP address it may translate into by itself. Similarly, to deploy an
IPv6 private LAN on FortiWAN port4 which has been mapped to LAN port, with IPv6 address 2001:a:b:cd08::1 served
as gateway for PCs in LAN. Check the field in [Enable SLAAC] or [Enable DHCPv6 Service] to allocate IP addresses
dynamically to PCs in LAN. [NAT Subnet for VS] is not supported in IPv6 private LAN. The SLAAC and DHCPv6 in
FortiWAN Handbook
Fortinet Technologies Inc.
77
To Next Page
Loading...
