papapuff
New Member
September 13, 2019
Question

Need Advice - Connect to another LAN


Hi there,

We need some advice here.

We have a project to connect 2 LANs. I hope I can give clear details for this:

- LAN_home (we will call it 'L-HOME') uses a different subnet from LAN_guest (we will call it 'L-GUEST').

Assume L-HOME uses 1.1.1.X and L-GUEST uses 1.1.2.X.

- L-GUEST uses Mikrotik for their router, which will then attach to L-HOME.

- All traffic from/to L-GUEST will be screened / scanned by the FortiGate.

- L-GUEST will need to access data from L-HOME: RDP, SMB, FTP, SQL database.

What is the best method for this?

1. L-GUEST connects to one of the interfaces on the FortiGate, then we create communication between that interface and the L-HOME (LAN) interface; or

2. Create a VPN tunnel between L-GUEST and L-HOME.

Thanks in advance.

1 reply

Toshi_Esumi
SuperUser
September 13, 2019

How about the internet? Do both have a separate internet circuit on each side (Mikrotik and FGT)? Or do they need to share one internet circuit on which side? I would never use a VPN to just connect two subnets with some policies to limit access. It wouldn't add any security or additional benefit other than overhead.

sw2090
SuperUser
September 13, 2019

If those are on different sides, which would you do then, Toshi?

I want the traffic between sides to definitely be encrypted, so I use IPSec and policies.

If it's the same site, you could use a separate port and policies.

papapuff
Author
New Member
September 13, 2019

For now, they have separate internet connections.

In the future, the internet will be shared, and the internet circuit will be on the Mikrotik side.

If I use a separate port and then configure the policy, is it doable for all traffic from/to L-GUEST to be screened / scanned by the FortiGate?