Network topology and assumptions
Both companies have their own ISPs and their own internal interface, external interface, and VDOM on the FortiGate unit.
For easier configuration, the following IP addressing is used:
all IP addresses on the FortiGate unit end in “.2”, such as 10.11.101.2.
all IP addresses for ISPs end in “.7”, such as 172.20.201.7.
all internal networks are 10.*.*.* networks, and sample internal addresses end in “.55”.
The IP address matrix for this example is as follows.
| Address | Company A | Company B |
|---|---|---|
| ISP | 172.20.201.7 | 192.168.201.7 |
| Internal network | 10.11.101.0 | 10.12.101.0 |
| FortiGate / VDOM | 172.20.201.2 (port1), 10.11.101.2 (port4) | 192.168.201.2 (port3), 10.12.101.2 (port2) |
The Company A internal network is on the 10.11.101.0/255.255.255.0 subnet. The Company B internal network is on the 10.12.101.0/255.255.255.0 subnet.
There are no switches or routers required for this configuration.
There are no VLANs in this network topology.
The interfaces used in this example are port1 through port4. Different FortiGate models may have different interface labels. port1 and port3 are used as external interfaces. port2 and port4 are internal interfaces.
The administrator is a super_admin account. If you are using a non-super_admin account, refer to “Global and per-VDOM settings” to see which parts a non-super_admin account can also configure.
When configuring security policies in the CLI, always choose a policy number that is higher than any existing policy numbers, select services before profile-status, and profile-status before profile. If these commands are not entered in that order, they may not be available to enter.
Figure 336: Example VDOM configuration
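The address matrix and interface assignments above can be checked mechanically before they are entered on the unit. The following Python script is an added example, not part of the original handbook; it verifies the addressing conventions, that no port is placed in two VDOMs, and that no two subnets overlap, and it refuses zero-padded octets because tools parse them inconsistently. The VDOM names `vdom-A` and `vdom-B` and the /24 mask on the ISP-facing networks are assumptions.

```python
import ipaddress

# Address plan transcribed from the page's matrix. The VDOM names and the
# /24 mask on the ISP-facing networks are assumptions made for this example.
PLAN = {
    "vdom-A": {"isp": "172.20.201.7",
               "external": ("port1", "172.20.201.2/24"),
               "internal": ("port4", "10.11.101.2/24")},
    "vdom-B": {"isp": "192.168.201.7",
               "external": ("port3", "192.168.201.2/24"),
               "internal": ("port2", "10.12.101.2/24")},
}

def strict(text):
    """Reject zero-padded octets such as '012', which some tools read as
    octal and others as decimal, before handing the text to ipaddress."""
    host = text.split("/")[0]
    if any(len(o) > 1 and o.startswith("0") for o in host.split(".")):
        raise ValueError(f"zero-padded octet in {text!r}")
    return text

def check_plan(plan):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings, port_owner, seen_nets = [], {}, []
    for vdom, cfg in plan.items():
        try:
            isp = ipaddress.IPv4Address(strict(cfg["isp"]))
            ifaces = {role: (cfg[role][0], ipaddress.IPv4Interface(strict(cfg[role][1])))
                      for role in ("external", "internal")}
        except ValueError as exc:
            findings.append(f"{vdom}: {exc}")
            continue
        for role, (port, iface) in ifaces.items():
            if port in port_owner:  # an interface belongs to exactly one VDOM
                findings.append(f"{port} is in both {port_owner[port]} and {vdom}")
            port_owner[port] = vdom
            if iface.ip.packed[3] != 2:  # page convention: FortiGate ends in .2
                findings.append(f"{vdom} {role}: {iface.ip} does not end in .2")
            for other_vdom, net in seen_nets:  # no subnet may overlap another
                if iface.network.overlaps(net):
                    findings.append(f"{vdom} {role} {iface.network} overlaps {other_vdom} {net}")
            seen_nets.append((vdom, iface.network))
        if isp.packed[3] != 7 or isp not in ifaces["external"][1].network:
            findings.append(f"{vdom}: ISP {isp} not .7 on the external subnet")
        if ifaces["internal"][1].ip not in ipaddress.IPv4Network("10.0.0.0/8"):
            findings.append(f"{vdom}: internal address is outside 10.0.0.0/8")
    return findings

if __name__ == "__main__":
    for line in check_plan(PLAN) or ["address plan is consistent"]:
        print(line)
```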