Data Plane Interfaces

In this post we are going to configure the data plane interfaces. Before we set up a default route that uses Port4 as the egress, or outbound, interface for sending traffic to the internet, we need to make sure we have an IP address on Port4. So let’s look at our game plan again: we are going to configure Port4 with the IP address 23.1.2.71 with a 24-bit mask.

So, back on firewall 1, go to Network and then Interfaces. Open Port4 for editing, either with a double click or with a single click and then Edit; either way is fine. Set the alias to “To_ISP”, because that is where the interface leads, set the IP address to 23.1.2.71/24, and, so that we can do some testing with the interface, allow Ping on it. Then click OK.

Because the alias is now To_ISP and the list is sorted alphabetically, Port4 appears last in the interface list.

Let’s look at a new feature in recent versions of FortiGate. Double-click Port4 to open it. On the right there is an Edit in CLI option, which is interesting. Click on it and, oh my goodness, it shows us the CLI configuration for the interface, and we can continue editing in the CLI. So convenient.

We can see the alias, the IP address and the allowaccess setting there as well.

Feature Visibility

One more thing I want to show you here is that we can’t see any IPv6 configuration on the interface. If you want to see IPv6 and configure it, here is where to turn it on.

Go to System on the left, click Feature Visibility under it, and if you want to see IPv6, simply enable it and then click Apply.

Now go back to Network and Interfaces. The interface now also has the option to configure IPv6 information. That is the general rule for where to go when there is something you want to configure on an interface or another part of the firewall but you are not seeing it in the graphical user interface.

You can go to System, Feature Visibility and enable or disable the features you want to see in the GUI. So, I disable IPv6.

And since we are already in the firewall’s interface settings, let’s also configure the other two interfaces we are going to need.
Looking at our topology, the other ports are Port3, which is connected to the 172.16.1 network, and Port2, which is on the 10.123.0.0 network. We’re going to use .71 as the last octet on firewall 1.

As we saw in the previous post, https://old.smenode.com/foritgate-network-configuration/ , setting the IP addresses is good basic practice for all of us. Please do it on your own firewalls, then take a quick look over the aliases and IP addresses to check them. We set “To_Inside” as the alias for Port2 and “DMZ”, for the demilitarized zone, for Port3.
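That quick look can also be scripted against the text that Edit in CLI displays. The following is an added example, not part of the original post or Fortinet tooling: it parses a `config system interface` block and reports any interface whose alias, address or allowaccess list differs from the plan. The sample config, the `PLAN` table, the /24 mask on Port3 and the function names are assumptions made for illustration.

```python
import ipaddress
import shlex

# Constructed sample in the layout "Edit in CLI" shows. port3's /24 mask is an
# assumption; the extra "https" on port4 is deliberate drift for the audit to catch.
SAMPLE_CONFIG = """
config system interface
    edit "port3"
        set ip 172.16.1.71 255.255.255.0
        set alias "DMZ"
    next
    edit "port4"
        set ip 23.1.2.71 255.255.255.0
        set allowaccess ping https
        set alias "To_ISP"
    next
end
"""
# Hypothetical plan: port -> (alias, address/prefix, permitted allowaccess values).
PLAN = {"port3": ("DMZ", "172.16.1.71/24", {"ping"}),
        "port4": ("To_ISP", "23.1.2.71/24", {"ping"})}

def parse_interfaces(text):
    """Return {port: {setting: [values]}} for the top-level interface entries."""
    interfaces, current, depth = {}, None, 0
    for line in text.splitlines():
        tokens = shlex.split(line) or [""]  # shlex strips the quotes around names
        if tokens[0] == "config":
            depth += 1  # nested blocks inside an entry raise depth and are skipped
        elif tokens[0] == "end":
            depth -= 1
        elif depth == 1 and tokens[0] == "edit" and len(tokens) == 2:
            current = interfaces.setdefault(tokens[1], {})
        elif depth == 1 and tokens[0] == "set" and current is not None and len(tokens) > 2:
            current[tokens[1]] = tokens[2:]
    return interfaces

def audit(interfaces, plan):
    """List every deviation from the plan; an empty list means a match."""
    findings = []
    for port, (alias, cidr, allowed) in plan.items():
        cfg = interfaces.get(port, {})
        if cfg.get("alias") != [alias]:
            findings.append(f"{port}: alias {cfg.get('alias')}, expected {alias}")
        ip = cfg.get("ip", [])
        if len(ip) != 2 or ipaddress.ip_interface("/".join(ip)) != ipaddress.ip_interface(cidr):
            findings.append(f"{port}: ip {ip}, expected {cidr}")
        if extra := sorted(set(cfg.get("allowaccess", [])) - allowed):
            findings.append(f"{port}: unexpected allowaccess {extra}")
    return findings
```

Calling `audit(parse_interfaces(SAMPLE_CONFIG), PLAN)` reports the extra `https` on port4; once allowaccess is back to `ping` only, the list comes back empty.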

Let’s go to the dashboard and go down to Network, where we now have 4 routes. Click on “Static & Dynamic Routing” and expand it to show exactly those routes. There are exactly four routes because the firewall is connected to exactly four networks.

So now we have the 4 interfaces we need: 1 for management and 3 for the data plane. Our next task is to add an additional route, a default route, so this firewall knows how to reach the public internet, and we will do that in the next post.
