Configure FortiGate 80E as gateway and routing

Forum|Forum|7 years ago
June 13, 2019
1 reply
8554 views

Hi All,

Appreciate for the help and advice .Based on diagram below firewall is connected with 3 access switch using trunk port with all client and switch pointing to VLAN 3 interface (IP 10.101.3.254).

Layer 3 switch with IP routing enable will able to performed/automatic routing table to all VLAN interface and connection. However, does manual routing is required and firewall policy for each connectivity to VLAN e.g. VLAN 1 > 2,3,4,5,6,7,8,9,10,11,12 and vice versa in order for all to communicate and use VLAN 3 interface (IP 10.101.3.254) as gateway ?.

Appreciate if anyone can guide us or provide sample of configuration of the method of deployment for our reference. Thanks

Network.png

Best answer by vinceneil666

Hi,

Ok, so then you you will need a trunk from the switches into the firewall. In the firewall you create VLAN interfaces on "top" of the interface that has the trunk.

So the firewall will have lots of interfaces, and by effect also have routing to all of them - since they are directly connected. So you dont need to make any static routing manually.

Make sure that you remove all layer3 interfaces on the switch. The switches should only contain vlans and no vlan interfaces.. (you will probably have a management vlan, that will offcourse have an ip)

Then create policy for all traffic between vlans.

vinceneil666

New Member

Hi,

Do you want the firewall to have policy between the different VLAN's ?

Or do you want all the VLAN's to be able to communicate with each other without firewall policy ? - and then have one link from the L3 switch to the firewall for internett access ?

azwanarifAuthor

New Member

Hi,

Apologies for late reply. my answer below. Thanks

Do you want the firewall to have policy between the different VLAN's ?

A -the goal is to have security between the VLAN's

Or do you want all the VLAN's to be able to communicate with each other without firewall policy ? - and then have one link from the L3 switch to the firewall for internett access ?

A - based on on diagram all switch are not connected/stack due to original designed was scrap and we have to improvised the designed hence the multiple trunk port from each switch beside than the budget.

New plan is to allow all VLAN's to communicate with each other using firewall policy or static routing which ever method that can simplify the configuration. Correct me if i'm wrong if using firewall policy is the only method, I have to create per VLAN's connection e.g. 1>2-12 and vice versa to enable all communication?.

Thanks

vinceneil666Answer

New Member

Hi,

Ok, so then you you will need a trunk from the switches into the firewall. In the firewall you create VLAN interfaces on "top" of the interface that has the trunk.

So the firewall will have lots of interfaces, and by effect also have routing to all of them - since they are directly connected. So you dont need to make any static routing manually.

Make sure that you remove all layer3 interfaces on the switch. The switches should only contain vlans and no vlan interfaces.. (you will probably have a management vlan, that will offcourse have an ip)

Then create policy for all traffic between vlans.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded