adamf53
New Member
February 17, 2022
Question

Cisco ASA conversion help

  • February 17, 2022
  • 1 reply
  • 2257 views

Hello,

We are in the process of prepping to move from Cisco ASAs to FortiGate 200Fs. Currently on the ASAs we use 3 interfaces - Outside (security level 0), Inside (security level 100) and Transit (security level 100). The transit interface connects into our SD-WAN appliance by VeloCloud.

To allow traffic to flow between Inside and Transit interfaces, we had to issue "same-security-traffic permit inter-interface".

Since I can't get FortiConverter to work on my local PC for the life of me, I was curious if anyone out there had run into this and if it required any additional config like the Ciscos do? Unfortunately I don't have a test environment for this piece, so I'm trying to be as prepared as possible for the cutover.

#200F #ASA #Cisco

Thanks!
Adam

1 reply

ede_pfau
SuperUser
February 19, 2022

I'm not aware there is something like a 'security level' associated with interfaces. Interfaces in FortiOS are all treated equally, be it physical, VLAN, IPsec, GRE or SSLVPN. So I would not see any need to take additional precautions regarding this matter.

The main principle of a FGT firewall is 'whitelisting' - anything is forbidden unless you explicitly allow it. Once you create a policy between a pair of interfaces, you enable traffic, regardless of their 'intrinsic' risk potential.
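The ASA command from the question next to its FortiOS equivalent, as an added configuration example that is not part of the thread or of Fortinet's documentation. The interface mapping (port2 = Inside, port3 = Transit) is an assumption; "all" and "ALL" are the FortiOS built-in address and service objects.

```text
! Cisco ASA (from the question): Inside and Transit are both level 100,
! so traffic between them needs this single global permit.
same-security-traffic permit inter-interface

# FortiOS equivalent (assumed mapping: port2 = Inside, port3 = Transit).
# There is no security level: nothing crosses an interface pair until a
# policy allows it, and policies are directional, so each direction that
# must be able to initiate sessions needs its own policy. Return traffic
# of an accepted session is matched by the session table, not by a policy.
config firewall policy
    edit 0
        set name "Inside-to-Transit"
        set srcintf "port2"
        set dstintf "port3"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
    edit 0
        set name "Transit-to-Inside"
        set srcintf "port3"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
```

As written, the pair is as permissive as the ASA inter-interface permit; replacing "all"/"ALL" with the subnets and services that actually need to cross is where the FortiGate's default-deny model pays off, and `set logtraffic all` keeps the sessions visible in the traffic log during the cutover.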