Connecting two FortiGate 51E's via Switch (ISP LAN Extension between 2 physical offices)

Question

I have two FortiGate 51E devices, each one is acting as the gateway for an office at two different physical locations. Each location has a dedicated fibre internet connection and a second connection called a 'LAN Extension' which is a dedicated line between both of our offices to act as a fast dedicated line for intra-LAN communication between the offices.

What is the best practise for FortiGate's to be connected to each other using a LAN extension as mentioned above? The connection is direct so no need for encryption or VPN's. I was thinking about just connecting the FortiGate's to the LAN extension and setting up their own subnet and then setup routing and firewall rules to route the traffic. I was wondering if FortiGate had a better recommendation for managing this type of connection.

rwpatterson · Answer

Welcome to the forums.

We here are users of various levels of expertise. Fortigate staff does contribute here, but usually on more intricate matters. That being said, I think what you have proposed would be the way to go. You could additionally set up an IPSec tunnel on the Internet side in the event the leased pipe drops, but that would be on you. You have a dedicated pipe which is basically a really long Ethernet cable, then connect the two 51Es head to head and give them a transition network, configure the routing and policies and away you go.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded