smilings
Explorer
October 7, 2025
Question

ISP to Fortigate 100F to Cisco FTD1140


We currently have a Cisco FTD1140 as the main firewall but are now planning to add a Fortigate 100F in front, between the ISP and Cisco. Not exactly sure how to configure the IPs of the Fortigate 100F to allow traffic to pass through. The Fortigate will serve as a filter in order to reduce the load on the Cisco. Any ideas on how to configure the Fortigate?

Eventually we will set up the Fortigate as SD-WAN. Here's a picture of what I believe it will look like.

3 replies

distillednetwork
Explorer II
October 7, 2025

One option would be to put the firewall inline using a virtual wire pair; it will inspect the traffic as it passes through but does not do any routing, etc.

The second would be to put the public IPs on the firewall and then create a /30 or similar network between the Fortigate and Cisco to route the traffic through. All VIPs, IP Pools, VPNs etc. would probably want to be moved to the Fortigate in this scenario.

smilings (Author)
Explorer
October 13, 2025

I've set up a simple virtual wire pair but I'm not sure how to test if it is working. I'm new to the firewall configuration so any help would be welcome.

[Attachment: Forti to Cisco Diagram.png]

distillednetwork
Explorer II
October 14, 2025

You should have Virtual wire pairs that you can set up to allow or block traffic as a test. You can also turn on the inspection services and check the logs to see if the traffic is being inspected.

Virtual Wire Pair Policy Setup: https://docs.fortinet.com/document/fortigate/7.6.4/administration-guide/166804/virtual-wire-pair
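
The allow/block test and inspection check suggested above, written out as a FortiOS CLI sketch. This is an added example, not configuration posted by anyone in the thread; the port names (`wan1` toward the ISP, `port1` toward the Cisco), the pair name and the policy names are assumptions.

```fortios
# Assumed ports: wan1 faces the ISP, port1 faces the Cisco FTD outside interface.
# Both ports must have no IP address and no other references before pairing.
config system virtual-wire-pair
    edit "vwp-isp-ftd"
        set member "wan1" "port1"
    next
end

# Policy 1 (temporary test): drop and log ICMP leaving the Cisco side.
# Policy 2: allow everything else in both directions with inspection and logging.
# Policies are matched top down, so the test rule is created first.
config firewall policy
    edit 0
        set name "vwp-test-block-icmp"
        set srcintf "port1"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL_ICMP"
        set action deny
        set logtraffic all
    next
    edit 0
        set name "vwp-allow-inspect"
        set srcintf "wan1" "port1"
        set dstintf "wan1" "port1"
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set action accept
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "default"
        set logtraffic all
    next
end

# While pinging an internet address from behind the Cisco, watch the pair.
# Verbosity 4 prints the interface name; the pings should appear on port1 only.
diagnose sniffer packet any 'icmp' 4 10
```

If the pings fail while web traffic still works and both show up under Log & Report > Forward Traffic against the matching policy names, the pair is passing and filtering traffic; delete the test rule afterwards.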