Routing on FGT100E

Forum|Forum|8 years ago
June 8, 2018
1 reply
3258 views

I have a problem which i can't figure out. I have isp-router-fgt-l3sw-access switches. L3 sw will do routing for 4 subnets. Fgt has inside and outside interface. Inside int on fgt is aggregated and has mngmt ip address. Uplink from l3 sw is configured as access vlan mngmt subnet. Defsult gw on the sw is the mngmt ip address of the fgt. I'm having thisnissuenwhereni can't figure out how to configure fgt to know about these 5 subnets. Mngmt subnet: 10.10.20.0/24 User:10.10.20.0/24 Wifi: 10.10.30.0/24 Wifi guest: 10.10.40.0/24 Dmz: 10.10.50.0/24 Static route on the fgt to internet 0.0.0.0 0.0.0.0 public ip Router will perform nat.

mahesh_secure

New Member

Hi

you have to add route in fortigate.

destination 10.10.20.0/24

interface < fortigate to l3 switch interface>

gateway < l3 switch ip address>

you have to add all the network in l3 switch like this

Regards

Mahesh

ede_pfau

SuperUser

You could simply use a 'super-net' instead of adding one route for each subnet behind the L3 switch, like this:

on FGT: internal port address = 10.10.20.1/16

on L3 switch: uplink port address = 10.10.20.2/24

background: for each 'directly connected' subnet the FGT adds a route automatically. The 10.10.x.x 'super-net' contains not only the mgmt-LAN but also all 10.10.y.x subnets behind the L3 switch.

No changes necessary on the switch.

Or, if you want to do it by the book, add 10.10.30.0/24,10.10.40.0/24,10.10.50.0/24 on the FGT as static routes. Gateway is the L3 switch uplink address (e.g. 10.10.20.2).

Don't forget that you need policies to allow traffic from the subnets to the internet. As the switch does the routing between subnets you do not have control over inter-subnet traffic (which is a pity - let the FGT do the routing).

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded