Seguridad y Redes

El FortiGate puede actuar como un servidor DHCP para distribuir dirección IP a los hosts finales que ejecutan servicios de un cliente DHCP. Esta característica es importante si se tiene una pequeña sucursal que no posee un servidor DHCP dedicado.

Para habilitar el servicio de DHCP en el FortiGate se puede realizar desde la interfaz web en las opciones de System > Network > Interface. Para configurar este servicio desde el CLI.

Datos del servidor DHCP.

Interface: port3 (INSIDE)
Rango de direcciones IP: 192.168.23.50 - 192.168.23.100
Subnet: 255.255.255.0
Default Gateway: 192.168.23.1
DNS: Servicio de DNS por default
Nombre de Dominio: delfirosales.com

Configuracion de la interface Inside.

edit "port3"
    set vdom "root"
    set ip 192.168.23.1 255.255.255.0
    set allowaccess ping
    set type physical
    set alias "INSIDE"
    set snmp-index 3
next

FortiGate-VM # show system dns 
config system dns
    set primary 8.8.8.8
    set secondary 8.8.4.4
    set domain "delfirosales.com"
    set source-ip 192.168.1.102
end

FortiGate-VM # config system dhcp server 
FortiGate-VM (server) # edit 1
new entry '1' added
FortiGate-VM (1) # set auto-configuration disable 
FortiGate-VM (1) # set default-gateway 192.168.23.1
FortiGate-VM (1) # set dns-service default 
FortiGate-VM (1) # set interface port3
FortiGate-VM (1) # config ip-range 
FortiGate-VM (ip-range) # edit 1
new entry '1' added
FortiGate-VM (1) # set start-ip 192.168.23.50
FortiGate-VM (1) # set end-ip 192.168.23.100
FortiGate-VM (1) # next 
FortiGate-VM (ip-range) # end
FortiGate-VM (1) # set netmask 255.255.255.0
FortiGate-VM (1) # next 
FortiGate-VM (server) # end

FortiGate-VM # 
FortiGate-VM # show sys dhcp server 
config system dhcp server
    edit 1
        set auto-configuration disable
        set default-gateway 192.168.23.1
        set dns-service default
        set interface "port3"
            config ip-range
                edit 1
                    set end-ip 192.168.23.100
                    set start-ip 192.168.23.50
                next
            end
        set netmask 255.255.255.0
    next
end
FortiGate-VM # 

root@labs:/home/delfi# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:00:AB:5C:A9:00  
          inet addr:192.168.23.50  Bcast:192.168.23.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:179 errors:0 dropped:0 overruns:0 frame:0
          TX packets:158 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:26721 (26.0 KiB)  TX bytes:50476 (49.2 KiB)

root@labs:/home/delfi# 

root@labs:/home/delfi# route -e
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         192.168.23.1    0.0.0.0         UG        0 0          0 eth0
127.0.0.1       *               255.255.255.255 UH        0 0          0 lo
192.168.23.0    *               255.255.255.0   U         0 0          0 eth0

root@labs:/home/delfi# ping www.google.com
PING www.google.com (173.194.115.176): 56 data bytes
64 bytes from 173.194.115.176: seq=0 ttl=57 time=134.307 ms
64 bytes from 173.194.115.176: seq=1 ttl=57 time=248.415 ms
64 bytes from 173.194.115.176: seq=2 ttl=57 time=166.495 ms
64 bytes from 173.194.115.176: seq=3 ttl=57 time=50.341 ms
64 bytes from 173.194.115.176: seq=4 ttl=57 time=283.354 ms
64 bytes from 173.194.115.176: seq=5 ttl=57 time=187.280 ms
64 bytes from 173.194.115.176: seq=6 ttl=57 time=69.864 ms
64 bytes from 173.194.115.176: seq=7 ttl=57 time=102.955 ms
64 bytes from 173.194.115.176: seq=8 ttl=57 time=107.317 ms
64 bytes from 173.194.115.176: seq=9 ttl=57 time=84.637 ms
64 bytes from 173.194.115.176: seq=10 ttl=57 time=142.454 ms