Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
MarcusI
New Contributor

Configuring Fiber on Fortigate 100E

Good afternoon, Hi, I'm here looking for your orientation because I'm still new with Fortinet, the case is that we have a Fortigate 100E and we're going to hire a fiber link and we need to know how is the best option to connect it, if directly to the one of the ports SFP or using one of the ports of the LAN(15,16) which are indicated like "shared interfaces". Which is the best practice? How I make the link between port ethernet and SFP when connect the fiber? we must separate a port ethernet from the LAN? we have the port WAN2 free so we would using to connect the fiber and is mor simple? use a transceiver? sorry for all this questions but I'm a little confusing and I need to know the more siple way to manage this subject.

 

Thanks in advance.

 

Greetings.

7 REPLIES 7
ede_pfau
Esteemed Contributor III

hi,

 

and welcome to the forums.

 

The SFP ports and the last GbE (copper) ports are mutually exclusive, that is, if you use a SFP port the corresponding copper port is disabled.

 

All in all your situation is quite simple. My recommendations:

- use the SFP port, inserting a suitable transceiver

- you will use the SFP port as your new WAN port. As port names are just a label and have no functional differences (except the mgmt ports), there are no obstacles. You may (for convenience) create a zone named 'wan' and assign the SFP port to it. This way, your policies will be more legible.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
MarcusI

Hi ede_pfau! thanks for replay, Ok. we are going to use the SFP port with the transceiver, so these would be the steps? 1.- We connect the fiber cable with the corresponding transceiver in the SFP port (shared with port 15). 2.- We separate the port 15 of the LAN 3.- We configure the interface on port 15 and the static route with the data of the ISP. 4.- We configure Policies and end.

Correct me if I'm wrong.

I'm not clear with the subject of create a Zone, is it necessary?. Can you give me an example about the ZONES?

thanks you a lot again for take the time to answer me!

ede_pfau
Esteemed Contributor III

yes, all these steps are necessary and in the right order. Go ahead!

Regarding zones:

First off, you don't need this. It's only meant to make the handling easier, that is, to rename the port from "port15" to "wan". If you can live with "port15" there is no further config necessary.

A 'zone' is a container for physical ports. As such, it's got a name. You can use a zone in most places where you can use a port, for instance in policies. But there are exceptions where a zone cannot replace a port. Therefore, I would now recommend you go with the physical port. Sorry to have bothered you.

 


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
MarcusI

Hi my friend! you bothered me? no way!, I'm very grateful with you for your guide.

 

So, now we're waiting to the ISP give us the fiber and make all the connections. I let you know how works all. There is another subject that I like to consult you but I don't know if you have the time for it neither if I have to open another post?

 

Thanks a lot once again.

 

Greetings.

emnoc
Esteemed Contributor III

Becareful of zones  and usage. You can  have multiple interfaces in a single zone you could infact reference all  interfaces in  unique zones.

 

As far naming, I believe you can't rename the "named_zone", so design your zone concept and use some logic. We use zones in alot of case

 

ZONA_NETWORK_Interior ( port 1  port2 port3 or  vlan.subinerfaces )

ZONA_NETWORK_Exterior ( physical AE or vlan )

ZONA_NETWORK_VPNtunnel( rt-base interfaces )

 

etc...

 

The

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
MarcusI
New Contributor

Hi emnoc,

 

Thanks for your advice about the Zones, I saw some examples where they use something like that you mention.

 

Greetings

 

ede_pfau
Esteemed Contributor III

Regarding other questions you might have, I think it's best to open a new thread for that. It's easier for others to find a subject in the future this way. And let them keep coming, that's what the forums are there for.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Labels
Top Kudoed Authors