TheLordOfTheShells
New Member
January 1, 2019
Question

[Question] Best way to set up FortiGate between Cisco Switch & Cisco Router.


Dear All,

I just bought a new FortiGate firewall and want to integrate it with our old system, which is already running. I'm quite new to FortiGate, so I hope you guys will help with the best way to set it up. A brief overview:

1) A Cisco 4321 router connects to the ISP.
2) A Cisco 3850 switch has several VLANs, and inter-VLAN routing also runs on it.
3) The 3850 switch's default route points to the Cisco 4321 router.

So now the question is: if we need to install the FortiGate as a firewall between the Cisco router and the core switch, how can we simplify the config in the best way? We can change the topology and IPs to meet the best configuration, so do not worry much about the topology now.

 

2 replies

rohitchoudhary1978
Visitor III
January 1, 2019

Hi,

 

Connect the Cisco 4321 [the WAN router] to the FortiGate WAN port, and from the FGT LAN port connect the Cisco switch with a switchmode trunk port. Configure the FortiGate LAN port with the sub VLAN ID and the gateway IP. Create an interface with the port, select VLAN, and enter the VLAN ID and the necessary gateway IP address. Create the necessary policies for LAN usage and the firewall is ready to work.

 

Thanks

Rohit
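
The steps in the reply above, as an added FortiOS CLI example that is not part of the original post. The interface names ("port1" as the LAN port trunked to the switch, "wan1" towards the router), the gateway address 10.10.10.1 and the object names are assumptions; VLAN 10 and the 10.10.10.0/24 subnet are taken from the server mentioned later in the thread.

```fortios
# Added example. Interface names, gateway IP and object names are assumptions.
# VLAN sub-interface on the physical LAN port that is trunked to the switch.
config system interface
    edit "vlan10"
        set vdom "root"
        set interface "port1"
        set vlanid 10
        set ip 10.10.10.1 255.255.255.0
        set allowaccess ping
    next
end
# Address object so the policy matches only the VLAN 10 subnet.
config firewall address
    edit "vlan10-net"
        set subnet 10.10.10.0 255.255.255.0
    next
end
# Outbound policy limited to named services instead of ALL, with logging.
# NAT is left off on the assumption that the upstream router translates
# and has a route back to 10.10.10.0/24 via the FortiGate.
config firewall policy
    edit 0
        set name "vlan10-out"
        set srcintf "vlan10"
        set dstintf "wan1"
        set srcaddr "vlan10-net"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS" "DNS"
        set logtraffic all
    next
end
```

Each additional VLAN needs its own sub-interface and its own policies, since the FortiGate denies traffic that no policy matches.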

LUKE_LUCAS
New Member
March 4, 2020

Hi, we purchased a 60E, and the management wants to add the 60E to our existing network...

I have a planned topology; can you help me with my concern?

Thanks.

I attach a file.

TheLordOfTheShells
New Member
January 3, 2019

Thank you for all the advice.

After some research, some comments told me that VLANs should not be configured on the FortiGate, but on the layer 3 switch instead. In the end I configured all VLANs on the layer 3 switch, pointed the default route to the firewall, and configured static routes between the firewall and the router. It works fine now, but I wonder whether there are any bad results here?

I really appreciate all your support.

TheLordOfTheShells
New Member
January 4, 2019

Hi guys.

So now I have some problems with port forwarding. I have a server on VLAN 10 that needs to be public to the internet. After some configuration it has not succeeded at all; here are the steps that I have made:

1. Static NAT server on router: ip nat inside source static tcp 10.10.10.100 80 interface Dialer 1 8080

2. Allow traffic from outside to server on Fortigate.

Port status is open (using ping.eu to check port status), but I cannot access the server from the internet.

Do you guys have any idea about that problem?

Thanks

 

Dickie
New Member
January 4, 2019

Do you need to keep the Cisco 4321?  It would be a far simpler setup to connect the 200E to the ISP?