Dear Experts,
i have fortigate firewall connected to internet modem with public ip address
i want to install mikrotik as bridge in between so i can get all logs and connections
i installed the bridge port1 to modem and port2 to fortigate
and everything worked good and i see the connections passing through the mikrotik and i can monitor them
my problem is that all the connection has source ip is the real ip that is set on fortigate
while i need to know the source ip inside the LAN
i tried to stop NAT on fortigate rule then i saw the source ip's but the internet stopped on LAN machines
is there any work around for that problem or any suggestion i can take it into consideration
thank you in advance
Re: install mikrotik as bridge
Put the Mikrotik bridge on the other side of the Fortigate.
Fortigate --> Mikrotik (Port 2), then Mikrotik (Port 3) --> Switch
Disable DHCP Server
Edit port 3 interface, set master-interface to none
Create bridge1
Add port 2 and port 3 to the bridge.
Go to Bridge, click the settings button
Enable "Use IP Firewall"
The reason port 2 and 3 need to be in the same bridge as opposed to leaving port 3 as slave to port 2 is because firewall rules don't apply to interfaces that are master/slave
By enabling "Use IP Firewall", you can use IP > Firewall to create rules. It has more features than Bridge > Filter rules.
Fortigate --> Mikrotik (Port 2), then Mikrotik (Port 3) --> Switch
Disable DHCP Server
Edit port 3 interface, set master-interface to none
Create bridge1
Add port 2 and port 3 to the bridge.
Go to Bridge, click the settings button
Enable "Use IP Firewall"
The reason port 2 and 3 need to be in the same bridge as opposed to leaving port 3 as slave to port 2 is because firewall rules don't apply to interfaces that are master/slave
By enabling "Use IP Firewall", you can use IP > Firewall to create rules. It has more features than Bridge > Filter rules.
Re: install mikrotik as bridge
So what you are saying is to remove mikrotik from between modem-fortigate and put it in between fortigate-switch right ?
If this is the case my question is there is any chance to do it as my first scenario?
Thank you in advance
If this is the case my question is there is any chance to do it as my first scenario?
Thank you in advance
Re: install mikrotik as bridge
Yes - in my scenario you'd be moving the Mikrotik from in front of the fortigate to behind the fortigate.
If you want to have it in front of the fortigate (Fortigate --> Mikrotik --> Modem) Then look for an option in the fortigate called operation mode. Change it from Gateway/NAT to Router/Transparent.
Then the private IPs shall pass through to the Mikrotik.
On the fortigate your wan port should be set to DHCP. You would need a route on the fortigate to send 0.0.0.0/0 to the Mikrotik's ether2 IP (by default: 192.168.88.1)
Or.... if the fortigate has the function to act as a plain old switch and the functions you need still work, then this would be an easier route.
If you want to have it in front of the fortigate (Fortigate --> Mikrotik --> Modem) Then look for an option in the fortigate called operation mode. Change it from Gateway/NAT to Router/Transparent.
Then the private IPs shall pass through to the Mikrotik.
On the fortigate your wan port should be set to DHCP. You would need a route on the fortigate to send 0.0.0.0/0 to the Mikrotik's ether2 IP (by default: 192.168.88.1)
Or.... if the fortigate has the function to act as a plain old switch and the functions you need still work, then this would be an easier route.
Re: install mikrotik as bridge
I will study the case of putting mikrotik before fortigate but i have issue that i have 2 fortigate ha and 2 switches stackable for redundancy so in this case i need 2 mikrotik to keep redundancy
Thank you in advance
Thank you in advance
Who is online
Users browsing this forum: No registered users and 87 guests