Should Fortinet Firewall, PowerConnect Switch or Comcast Router be DHCP Server?

kmartindmc · Aug 13, 2013

I have a Fortinet FortiGate firewall, a Dell PowerConnect switch and will be getting a Comcast router for Internet access at a business. Basically, this is a new network to be installed in parallel with a functional network from another provider. Once the new network is stable, the old network will be retired. The reasons for this are that the present network is wireless access only with the router located in the office instead of the telephone closet, and we are adding a file server which does not have wireless access, a few extra computers, the switch, and the hardware firewall. Right now the wireless router is acting as the DHCP server. However, I do not think it will work properly from the telephone closet given the wiring in there. From what I have gathered so far, each of the three units in question can function as a DHCP server: my question is which is the best choice? My idea for the network is the computers, wireless access point, and server being plugged into wall jacks which lead to the telephone closet where the PowerConnect switch will be, which itself will be plugged into the Fortinet, which will be plugged into the Comcast router, which will connect to the Internet. It seems to me that the switch should be the DHCP server but that implementation seems to be rather complex. Any suggestions would be greatly appreciated.

Nijinski · Aug 13, 2013

Make the firewall your LAN DHCP server, unless you have a windows Active Directory server. If you do then that's your DHCP server. That should give all the things on your internal network an IP address.

Set the Comcast router that the firewall is plugged into as a DHCP server as well but give it a completely different private IP range to hand out, that's probably the easiest way for your firewall to get an IP address so that your traffic will route properly out to the internet and back.

kmartindmc · Aug 14, 2013

Nijinski :

I'm not sure I understand that. Who is the Comcast router handing IPs to if the firewall is doing it already?

Nijinski · Aug 14, 2013

The Comcast router hand an IP to the external interface of the Fortinet, the internal interface of the Fortinet is handing out IPs to your internal network, including the powerconnect switch

kmartindmc · Aug 15, 2013

Nijinski :

Thank you for your answer.

In looking around, it seems that the file server I intended to have will have to be an Active Directory server since we will have people of differing access permissions utilizing the same server. This is my first time with Windows Server 2012 and I am wary of the dramatic change. I have fussed with a Windows 8 machine and am still getting familiar with it. I will do more digging for specifics but if I may ask...can the layout still be Internet to Comcast router to firewall to network switch to all computers including the server if it is the only one doing duty as the DHCP machine?

Nijinski · Aug 15, 2013

You should still leave the Comcast router as DHCP handing an IP to the firewall.

You then turn off DHCP on the firewall and the switch and leave the Active Directory server to hand out IPs to your internal network. Your Active Directory server will be your DHCP server, your DNS server and your logon/permissions controller. The internal IP of your firewall will be your default gateway for the internal network, everything the external side of the firewall should take care of itself.

If I get a chance, I'll draw a diagram with some example IPs, it'll probably make it clearer

kmartindmc · Aug 15, 2013

Nijinski :

That would be greatly appreciated, thank you! In the meantime I'll keep looking on how to best use that 2012 Server.

Search

Should Fortinet Firewall, PowerConnect Switch or Comcast Router be DHCP Server?

kmartindmc

Honorable

Nijinski

Nijinski

Honorable

kmartindmc

Honorable

Nijinski

Honorable

kmartindmc

Honorable

Nijinski

Honorable

kmartindmc

Honorable

TRENDING THREADS

Latest posts

Moderators online

Share this page