Martaus
New Member
April 30, 2025
Question

How to Fortigate Blocking internal traffic

  • April 30, 2025
  • 1 reply
  • 665 views

Hi everyone,

I need help or technical help.


I have this topology:

I have a central router, a Cisco ASR 920; L3 routing and interfaces terminate on this router. The router sends traffic via BGP to the ISFW FortiGate (segmentation firewall), and the segmentation firewall sends it via BGP to the perimeter. Communication to the public side is okay, but internal traffic is not; it ends on the router. Default routes are directed to the ISFW. I tried PBR from the router, but the router has limitations. I don't know how to direct all traffic to the ISFW.


Thank you for support

Mathues

1 reply

funkylicious
SuperUser
April 30, 2025

hi,

You want your internal traffic (traffic between local subnets) that is currently routed/directly connected on your Cisco router to actually be handled by the firewall (and maybe implement some firewall rules)?

If so, the only way I would think you can achieve this is to remove the Cisco router and let the FGT handle all the traffic.

"jack of all trades, master of none"
Martaus (Author)
New Member
April 30, 2025

Hello,

Yes, I want to set up traffic rules on the firewall, but I want to keep the routing and L3 interfaces on the router. This is a problem on the router, because it has limitations.

I have multiple branches terminating on the router.

Yes, I can remove the router, but all my networks are Cisco and I want to change all the routing and create MPLS.

I need a way to redirect traffic to the firewall and have it go back, for example, branch A to branch B.

dingjerry_FTNT
Staff
April 30, 2025

Hi @Martaus ,


I don't think that this is an issue on the FGT.


It depends on how the upstream and downstream routers to the FGT direct the traffic.


Once the traffic is hitting the FGT, and FGT has the correct routes ( either via BGP or static routes), you can allow or deny the traffic using the firewall policies.
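As an added illustration of the staff reply above (example configuration written for this page, not taken from the thread or from Fortinet documentation), the FortiGate side of a branch-A-to-branch-B hairpin looks like this. All addressing is assumed: port1 faces the ASR 920, the ASR's address on that link is 10.0.0.2, branch A is 10.10.0.0/16 and branch B is 10.20.0.0/16. Getting the router to hand the traffic to the FGT in the first place (PBR or a routing change on the ASR) is the separate step the thread is about; this block only covers what the FGT needs once packets arrive.

```fortios
# Added example, not from the original thread. All prefixes, the interface
# name and the next-hop address are placeholders chosen for illustration.

# 1. Routes: the FGT must be able to reach both branches behind the ASR 920.
#    Skip this if the ASR already advertises the branch prefixes via BGP.
config router static
    edit 10
        set dst 10.10.0.0 255.255.0.0
        set gateway 10.0.0.2
        set device "port1"
    next
    edit 11
        set dst 10.20.0.0 255.255.0.0
        set gateway 10.0.0.2
        set device "port1"
    next
end

# 2. Address objects for the two branches.
config firewall address
    edit "BRANCH-A"
        set subnet 10.10.0.0 255.255.0.0
    next
    edit "BRANCH-B"
        set subnet 10.20.0.0 255.255.0.0
    next
end

# 3. Policy: traffic enters from the router and leaves back to the router on
#    the same interface (hairpin), so srcintf and dstintf are identical.
#    Anything not explicitly allowed falls through to the implicit deny.
config firewall policy
    edit 100
        set name "branchA-to-branchB"
        set srcintf "port1"
        set dstintf "port1"
        set srcaddr "BRANCH-A"
        set dstaddr "BRANCH-B"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
```

Two checks worth doing before blaming policy: confirm packets actually reach the FGT with `diagnose sniffer packet port1 'net 10.10.0.0/16' 4`, and confirm both directions of each flow traverse the firewall. If the ASR redirects only branch A's packets but forwards branch B's replies directly, the FGT sees half a session and drops it; both directions must be steered to the FGT (or routed through it) for the stateful policy to work.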