FortiGate 100A: Setting Up VLAN on WAN Port


I am trying to set up my old FortiGate 100A as a simple router for a small office network. My ISP's incoming PPPoE connection runs on VLAN 100 and I can't seem to get it going on a WAN port of the FortiGate. I have created a VLAN sub-interface under one of the WAN ports and got it authenticating and getting an IP address from the ISP, but I can't seem to get it passing traffic from the internal interfaces through that sub-interface.

I have tried setting a static route, but as I understand it, I shouldn't have to do that, because the gateway is retrieved from the ISP when it connects.

I am pretty new to the whole "real" router scene so I might have missed an obvious step I don't know about.

If you need any more information, let me know.

Thanks

Best Answer

For traffic to pass from the internet to the LAN you need a couple of preliminaries to allow this:

1- create an address object "myLAN" for the addresses used for your LAN hosts, like e.g. "192.168.123.0/24".

2- then create a policy:
source interface: internal
source address: myLAN
destination interface: yourVLAN_IF
destination address: ALL
check the "NAT" option!

You are not using the WAN port but the virtual VLAN interface created on it.
The NAT option is essential as the private source addresses of outbound traffic are replaced by the public address of the VLAN interface so that it can be routed back to your FGT.

The routing is essential as well:
3- create a default route
find the menu option to create a static route (this is firmware version dependent). Create a route '0.0.0.0/0' pointing to interface "yourVLAN_IF", no gateway. The gateway address has already been set because you checked that option in the interface setup (this is a PPPoE option).

You're right in assuming that the FGT has automatically created a route to the VLAN interface; look it up in 'Routing monitor'.
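The same setup expressed as FortiOS CLI commands, added here as an example and not part of the answer above. The physical port "wan1", the PPPoE credentials, the policy and route IDs, and the current FortiOS syntax are assumptions; the 100A's older firmware may spell some of these differently, as the answer notes.

```fortios
# Assumed: VLAN 100 sub-interface on wan1 running PPPoE, default gateway learned from the ISP
config system interface
    edit "yourVLAN_IF"
        set vdom "root"
        set type vlan
        set interface "wan1"
        set vlanid 100
        set mode pppoe
        set username "ISP_USERNAME_PLACEHOLDER"
        set password "ISP_PASSWORD_PLACEHOLDER"
        set defaultgw enable
    next
end

# Step 1: address object for the LAN hosts (subnet from the answer)
config firewall address
    edit "myLAN"
        set subnet 192.168.123.0 255.255.255.0
    next
end

# Step 2: outbound policy internal -> VLAN sub-interface, with NAT enabled
# Traffic leaves with the public address of yourVLAN_IF, so replies route back to the FGT
config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "yourVLAN_IF"
        set srcaddr "myLAN"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end

# Step 3: default route bound to the VLAN sub-interface, no gateway address
# (the PPPoE session supplies the next hop)
config router static
    edit 1
        set dst 0.0.0.0 0.0.0.0
        set device "yourVLAN_IF"
    next
end
```

After committing, `get router info routing-table all` shows the learned PPPoE default route; the policy's hit counter in `diagnose firewall iprope show` (or the GUI policy table) confirms LAN traffic is matching it.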