Fortigate: AP-Bridge with a hardware switch

Following on from a previous post on how to set up a VLAN on a Fortigate hardware switch, this post is going to explain how we can link an AP-bridge SSID to a hardware switch and VLAN. For the most part, the only reference material you will need to complete this configuration can be found here: https://docs.fortinet.com/document/fortiap/6.4.0/fortiwifi-and-fortiap-cookbook/252439/configuring-the-fortigate-interface-to-manage-fortiap-units. However, if you have been working with Fortigates, and by extension FortiOS, for quite some time, you may be wondering where the CAPWAP option vanished to. Fortinet adopted this into the security fabric naming convention. CAPWAP has even been replaced in the CLI by ‘fabric’. ...

January 17, 2021 · 2 min · Tom

Fortigate: Add a VLAN to a hardware switch

In this post, we are going to discuss how to add a VLAN to a hardware (sometimes referred to as physical) switch or interface on a Fortigate. It is worth noting that I actually do my testing on a FortiWifi, so I can assure you that this applies there too. I will be focusing on the configuration which is relevant to FortiOS v6.0 and above, so your mileage may vary between versions. However, what you need can usually be found over at the Fortinet Handbook: https://docs.fortinet.com/product/fortigate/6.0. ...

January 9, 2021 · 4 min · Tom

How to enable subnet overlapping on a Fortigate

A short and sweet problem/resolution. If you are looking to enable subnet overlapping on a Fortigate so that you can give multiple interfaces an IP in the same subnet, this is the post for you. NOTE: This feature can only be enabled in the Fortigate’s CLI. To enable the overlapping feature, enter the following commands:

    config system settings
        set allow-subnet-overlap [enable/disable]
    end

What is subnet overlapping?

Subnet overlapping is disabled by default in FortiOS, and for good reason: if you misuse subnet overlapping, it can cause massive routing issues for your clients and their traffic. Subnet overlapping lets you apply IPs from the same subnet (e.g. 192.160.1.X/24) to multiple interfaces that are not in the same virtual/physical switch. ...

January 7, 2020 · 2 min · Tom

Double NAT port forwarding with a Fortigate

If you are unfortunate enough to have to deal with double NAT on your gateway, then you might know the troubles surrounding port forwarding or VIPs. Here is a quick how-to guide for setting up a port forward on a Fortigate where double NAT is in place.

Case Study – Plex port forward

Plex is a great tool for managing your personal media collection, and it gets even better when you enable a port forward to let you access this collection from anywhere in the world. Whilst Plex have made a number of changes to allow you to reach your content via a relay server, the best way to access your content from outside your LAN is by using a port forward. ...

February 23, 2019 · 1 min · Tom