Internal network best design

Forum|Forum|4 years ago
March 15, 2022
2 replies
2234 views

Hello...

I have a FortiGate 600E device...

In the current design there is one internal interface that connects all internal vlans to the firewall:

(10 users vlans, 1 guests WIFI vlan, 1 Servers Farm vlan)... This connection comes directly from a Cisco Nexus 9396 switch which is the default gateway for all of the vlans.

Now I want to separate these vlans from each others in order to set policies between the users' vlans, WIFI vlan and server farm vlan... What I know is that I have to setup the vlans in the internal connection of FortiGate device and make it the default gateway for them instead of the Nexus switch.. Is this the right way??

And can the FortiGate 600E handle the routing instead of the Cisco Nexus device??

Any advice will be appreciated

Best answer by Toshi_Esumi

Yes and no, I guess. Moving the GWs for those VLANs from the Nexus switch to the 600E is only way to force inter-VLAN traffic to come to the FGT to regulate. The 600E probably can handle most of routing (L3) features you're currently doing with the Nexus but it might not do much of switching features unlike Nexus, ex. no access ports. So I would recommend leaving L2 features on the Nexus.

Toshi

Toshi_EsumiAnswer

SuperUser

Yes and no, I guess. Moving the GWs for those VLANs from the Nexus switch to the 600E is only way to force inter-VLAN traffic to come to the FGT to regulate. The 600E probably can handle most of routing (L3) features you're currently doing with the Nexus but it might not do much of switching features unlike Nexus, ex. no access ports. So I would recommend leaving L2 features on the Nexus.

Toshi

yas13899Author

Explorer

Thank you very much

In fact there is no need for any switching capabilities... Just isolating and controlling L3 and above traffic

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded