SHERIFF
New Member
May 29, 2018
Question

Firewall between 2 workstations in same network


Hi All,

I have 2 workstations in the same network (direct connection between them) and now I need to install a FortiGate 50E firewall in between for control.

Any idea how to set that up?

Note: Each workstation has multiple NICs and one already has a default gateway configured, so I can't change that.

Iescudero
New Member
May 29, 2018

Hi there!

Maybe it's not the same as what you had already imagined, but I think this should work:

It's not entirely necessary to do the exact configuration, but you can try with your FortiGate in the same subnet and create a VIP with an external IP 172.16.22.6 which forwards traffic to the host B NIC 2, 172.16.22.10, and vice versa. Then you must create the policies and start logging.

darwin_FTNT
Staff
May 29, 2018

You can try using a virtual wire pair setup:

http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-whats-new-54/Top_VirtualWirePair.htm

Virtual wire pair seems to function similarly to transparent mode.

For NAT mode (the default factory setting) using a regular firewall policy (config firewall policy), the flow-based/proxy-based UTM could be hooked into the FORWARD chain (other chains are INPUT and OUTPUT, etc.). Only forwarded packets (destined to other hosts) are scanned. For within-LAN or local hosts, it could be skipped by the forward chain, I think.

There are other firewall policy types also:

1. sniffer policy (config firewall sniffer)

2. interface policy (config firewall interface-policy)

Both types above receive the packets at the network buffer level instead.
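As an added example that is not part of either reply or of Fortinet's documentation, here is what the virtual wire pair approach looks like in the FortiOS CLI. It assumes workstation A is cabled to port3 and workstation B to port4 of the FortiGate 50E (interface names and the policy ID are assumptions); because the pair bridges the two ports at layer 2, neither workstation's addresses or default gateway need to change.

```text
# Added example: FortiOS CLI for the virtual wire pair approach.
# Assumed: workstation A on port3, workstation B on port4
# (check your interface names with "get system interface").
config system virtual-wire-pair
    edit "ws-pair"
        set member "port3" "port4"
    next
end

# A virtual wire pair policy is bidirectional, so both members are
# listed as source and destination interfaces. Traffic that matches no
# policy on the pair is dropped, so start with an allow-and-log policy
# to see what the two hosts actually exchange, then narrow "service"
# to what they need and attach UTM profiles as required.
config firewall policy
    edit 10
        set name "ws-a-ws-b"
        set srcintf "port3" "port4"
        set dstintf "port3" "port4"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end

# Check that sessions between the two hosts are being seen and logged:
# diagnose sys session list
```

The VIP approach from the first reply stays in NAT mode and needs the workstations to talk to the FortiGate's addresses instead; the virtual wire pair leaves the existing direct-connection addressing alone, which matches the constraint that one workstation's default gateway cannot be changed.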