Sign in with
Sign up | Sign in
Your question
Solved

Should Fortinet Firewall, PowerConnect Switch or Comcast Router be DHCP Server?

Last response: in Networking
Share
August 13, 2013 8:47:52 AM

I have a Fortinet FortiGate firewall, a Dell PowerConnect switch and will be getting a Comcast router for Internet access at a business. Basically, this is a new network to be installed in parallel with a functional network from another provider. Once the new network is stable, the old network will be retired. The reasons for this are that the present network is wireless access only with the router located in the office instead of the telephone closet, and we are adding a file server which does not have wireless access, a few extra computers, the switch, and the hardware firewall. Right now the wireless router is acting as the DHCP server. However, I do not think it will work properly from the telephone closet given the wiring in there. From what I have gathered so far, each of the three units in question can function as a DHCP server: my question is which is the best choice? My idea for the network is the computers, wireless access point, and server being plugged into wall jacks which lead to the telephone closet where the PowerConnect switch will be, which itself will be plugged into the Fortinet, which will be plugged into the Comcast router, which will connect to the Internet. It seems to me that the switch should be the DHCP server but that implementation seems to be rather complex. Any suggestions would be greatly appreciated.
August 13, 2013 3:15:22 PM

Make the firewall your LAN DHCP server, unless you have a windows Active Directory server. If you do then that's your DHCP server. That should give all the things on your internal network an IP address.

Set the Comcast router that the firewall is plugged into as a DHCP server as well but give it a completely different private IP range to hand out, that's probably the easiest way for your firewall to get an IP address so that your traffic will route properly out to the internet and back.
m
0
l
August 14, 2013 1:50:00 PM

Nijinski said:
Make the firewall your LAN DHCP server, unless you have a windows Active Directory server. If you do then that's your DHCP server. That should give all the things on your internal network an IP address.

Set the Comcast router that the firewall is plugged into as a DHCP server as well but give it a completely different private IP range to hand out, that's probably the easiest way for your firewall to get an IP address so that your traffic will route properly out to the internet and back.


I'm not sure I understand that. Who is the Comcast router handing IPs to if the firewall is doing it already?
m
0
l
Related resources
August 14, 2013 2:29:20 PM

The Comcast router hand an IP to the external interface of the Fortinet, the internal interface of the Fortinet is handing out IPs to your internal network, including the powerconnect switch
m
0
l
August 15, 2013 11:31:36 AM

Nijinski said:
The Comcast router hand an IP to the external interface of the Fortinet, the internal interface of the Fortinet is handing out IPs to your internal network, including the powerconnect switch


Thank you for your answer.

In looking around, it seems that the file server I intended to have will have to be an Active Directory server since we will have people of differing access permissions utilizing the same server. This is my first time with Windows Server 2012 and I am wary of the dramatic change. I have fussed with a Windows 8 machine and am still getting familiar with it. I will do more digging for specifics but if I may ask...can the layout still be Internet to Comcast router to firewall to network switch to all computers including the server if it is the only one doing duty as the DHCP machine?
m
0
l

Best solution

August 15, 2013 11:56:28 AM

You should still leave the Comcast router as DHCP handing an IP to the firewall.

You then turn off DHCP on the firewall and the switch and leave the Active Directory server to hand out IPs to your internal network. Your Active Directory server will be your DHCP server, your DNS server and your logon/permissions controller. The internal IP of your firewall will be your default gateway for the internal network, everything the external side of the firewall should take care of itself.

If I get a chance, I'll draw a diagram with some example IPs, it'll probably make it clearer
Share
August 15, 2013 12:16:31 PM

Nijinski said:
You should still leave the Comcast router as DHCP handing an IP to the firewall.

You then turn off DHCP on the firewall and the switch and leave the Active Directory server to hand out IPs to your internal network. Your Active Directory server will be your DHCP server, your DNS server and your logon/permissions controller. The internal IP of your firewall will be your default gateway for the internal network, everything the external side of the firewall should take care of itself.

If I get a chance, I'll draw a diagram with some example IPs, it'll probably make it clearer


That would be greatly appreciated, thank you! In the meantime I'll keep looking on how to best use that 2012 Server.
m
0
l
!