- On Accounting, go to Network > Interfaces and edit WAN1.
Set an IP/Network Mask for the interface that is on the same subnet as port 10 on External (in this example, 192.168.10.10/255.255.255.0).
- Edit the internal interface.
Set Addressing mode to Manual and set the IP/Network Mask to a private IP address (in the example, 10.10.10.1/255.255.255.0).
Under Administrative Access, enable FortiTelemetry.
If you require the FortiGate to provide IP addresses using DHCP to devices that connect to this interface, enable DHCP Server.
Under Networked Devices, enable Device Detection.
- Go to Network > Static Routes and add a static route.
Set Gateway to the IP address of port 10 on External.
- Go to Policy & Objects > IPv4 Policy and create a policy to allow users on the Accounting network to access External.
- Go to Security Fabric > Settings to add Accounting to the Security Fabric.
Enable FortiGate Telemetry, then enter the same Group name and Group password that you set previously on External.
Enable Connect to upstream FortiGate and enter the IP address of port 10 on External.
FortiAnalyzer Logging is enabled by default. Settings for the FortiAnalyzer will be retrieved when Accounting connects to External.
- If you have not already done so, connect WAN1 on Accounting to port 10 on External.
- Connect and configure Marketing, using the same method you used to configure Accounting. Make sure to complete the following steps:
- Configure WAN1 to connect to External (IP address: 192.168.200.10/255.255.255.0).
- Configure the LAN interface for the Marketing network (IP address: 10.10.200.2/255.255.255.0).
- Create a static route pointing traffic to port 11 on External.
- Create a policy to allow users on the Marketing network to access External.
- Add Marketing to the Security Fabric.