Skip to main content
dbarroco
dbarroco
New Member
May 24, 2018
Question

Firewall behind L3 switch

  • May 24, 2018
  • 1 reply
  • 3337 views

Hello, 

 

I have several vlans routing themselves in a L3 switch, which has a default gateway point to fortigate 100d for off-site traffic.

 

I'm unable to create policies based by device. The only device I see is naturally the switch.

 

The way I see it i can:

- stop using vlans and use a flat lan (not preferred)

- Use the Fortigate as the L3 routing (i'm talking about a factory with 100+ devices, concerned about performance)

- use FSSO and use AD groups ( :\ )

 

I'm looking for advice on better solution.

 

Thank you 

David

    1 reply

    Nicholas_Doropoulos
    Nicholas_Doropoulos
    New Member
    June 17, 2018

    Hello, 

     

    If by "device" you refer to Fortigate's device detection method, you have the following options:

     

    1) Replace your L3 Swtch with a Fortiswitch.

     

    2) Use your own Fortigate for inter-vlan routing (as you pointed out).

     

    3) Install Forticlient on your endpoints so they can register to the Fortigate.

     

    I hope that helps. 

    Terms & ConditionsAccessibility statement