I work at a company which uses a Fortigate 60 router, something I'm not really familiar with. Everything worked fine with it until a week ago when Comcast came in and replaced our modem.
It seemed as though the process went smoothly – our connection came back up and our static IP remained the same.
However, none of our port forwarding is working.
What has me confused is the Comcast modem apparently has two IP addresses. The WAN2 interface for it in the Fortigate router is set to 10.1.10.10. However, all of our port forwarding settings are set to an external IP address of 10.1.10.50.
Now this setup used to work fine, so something with the Comcast modem must have changed. How can I find out what?
I tried setting a computer to a local IP of 10.1.10.15 so I could open up the web interface for the modem, but I can't even ping 10.1.10.10 when I do that.
Any ideas? Thanks!
Best Answer
Configuring port forwarding on a 60B is a several-step process. First you need to create a Virtual IP for the interface (WAN2) and IP (I assume 10.1.10.10) you want to forward. Then you have to add a firewall rule allowing traffic from the virtual IP to the internal interface. Can you confirm you've already done both of these?
Also, you mention that your static IP (with Comcast) remained the same. If this is the IP of the modem, I'd expect it to be an external IP, i.e. not in the 10.xx subnet. Yet the WAN2 interface of your Fortigate has a 10.xx address. This suggests you've got a double-NAT setup.
If this is the case you can fix it in one of two ways:
Note that with 2, if your Comcast connection is e.g. ADSL with PPP, you'll need to configure the Fortigate to do the PPPoE authentication.
Double-NAT would also explain why changing the router broke things - the old router had port forwarding/NAT configured, but the new one didn't.
Edit:
It really sounds like my guess at the double-NAT scenario is correct. The DSL modem connected to WAN1 is getting the external IP address, and is assigning a 10.1.10.xx address to the Fortigate's WAN1 interface via DHCP. If the old modem definitely didn't have port forwarding then it was probably in bridge mode.
If you can't access the newly added modem via your internal network, I recommend you take the following steps:
If this all works, you'll see WAN1 on the Fortigate get an external IP address.
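
A quick way to check for the double-NAT condition this answer describes, as an added example that is not part of the original answer or any Fortinet tooling: it classifies the WAN port address and tests whether each Virtual IP's external address can still receive traffic. The /24 mask, the VIP name `vip-example` and the 198.51.100.7 bridge-mode address are assumptions made for illustration.

```python
import ipaddress

# Address space that is never routed on the public Internet; a WAN port
# holding one of these sits behind another NAT device.
NON_ROUTABLE = {
    "rfc1918": ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"),
    "cgnat": ("100.64.0.0/10",),  # RFC 6598 shared address space
}

def classify(addr):
    """Return 'rfc1918', 'cgnat' or 'routable' for an IPv4 address."""
    ip = ipaddress.ip_address(str(addr))
    for label, nets in NON_ROUTABLE.items():
        if any(ip in ipaddress.ip_network(n) for n in nets):
            return label
    return "routable"

def audit(wan_if, vips):
    """wan_if: 'address/prefix' of the WAN port; vips: {name: external IP}.
    Returns a sorted list of (code, subject) findings."""
    iface = ipaddress.ip_interface(wan_if)
    behind_nat = classify(iface.ip) != "routable"
    findings = []
    if behind_nat:
        # The upstream modem owns the public address and translates first.
        findings.append(("double-nat", str(iface.ip)))
    for name, ext in vips.items():
        if ipaddress.ip_address(ext) not in iface.network:
            # Traffic reaching the WAN port is not addressed to this VIP.
            findings.append(("vip-off-subnet", name))
        elif behind_nat:
            # Works only while the modem forwards the port to this address.
            findings.append(("vip-needs-upstream-forward", name))
    return sorted(findings)

# Values from the question; the /24 mask and the VIP name are assumptions.
BEFORE = audit("10.1.10.10/24", {"vip-example": "10.1.10.50"})
# Constructed bridge-mode case: the WAN port holds a placeholder routable
# address (documentation range) and the VIP is left unchanged.
AFTER = audit("198.51.100.7/30", {"vip-example": "10.1.10.50"})

if __name__ == "__main__":
    for label, result in (("behind modem NAT", BEFORE), ("bridge mode", AFTER)):
        print(label, result)
```

The second case shows that once the modem is bridged and the WAN port takes the external address, Virtual IPs still pointing at 10.1.10.50 need their external IP updated as well.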