Hi All,
I have 2 workstations in the same network (direct connection between them) and now I need to install a FortiGate 50E firewall in between for control.
Any idea how to set that up?
Note: Each workstation has multiple NICs and one already has a default gateway configured, so I can't change that.
Hi there!
Maybe it's not the same as what you had imagined, but I think this should work:
It's not entirely necessary to do the exact configuration, but you can try with your FortiGate in the same subnet and create a VIP with an external IP 172.16.22.6 which forwards traffic to the host B NIC 2, 172.16.22.10, and vice versa. Then you must create the policies and start logging.
You can try using a virtual wire pair setup:
http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-whats-new-54/Top_VirtualWirePair.htm
Virtual wire pair seems to function similarly to transparent mode.
For NAT mode (default factory setting) using regular firewall policy (config firewall policy), the flow-based/proxy-based UTM could be hooked into the FORWARD chain (other chains are INPUT and OUTPUT, etc.). Only forwarded packets (destined to other hosts) are scanned. For within LAN or local hosts, it could be skipped by the forward chain, I think.
There are other firewall policy types also:
1. Sniffer policy (config firewall sniffer)
2. Interface policy (config firewall interface-policy)
Both types above receive the packets at the network buffer level instead.
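A sketch of the virtual wire pair approach suggested above, as an added example that is not part of the original posts or Fortinet's own configuration. The port names `port1`/`port2`, the pair name and the policy names are placeholders; it assumes both ports are free, meaning they are not members of a switch interface and not referenced elsewhere in the configuration. The `#` lines are annotations for the reader, not CLI input.

```fortios
# Placeholder names: port1 faces workstation A, port2 faces workstation B.
# The pair has no IP addresses, so the workstations keep their existing
# subnet and gateway settings.
config system virtual-wire-pair
    edit "ws-pair"
        set member "port1" "port2"
    next
end

# Traffic crossing the pair is dropped unless a policy allows it.
# One policy per direction, with logging on every session.
config firewall policy
    edit 0
        set name "wsA-to-wsB"
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
    edit 0
        set name "wsB-to-wsA"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
```

Once traffic is confirmed to flow, replace `all` and `ALL` with the specific addresses and services the two workstations actually need, so the firewall enforces control rather than only logging.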
I am kinda new to these. What is the VIP1/2? Are these LAN ports or WAN ports?
When I tried to configure the interfaces, they didn't accept setting both LAN and WAN on the same subnet.
Is it possible to apply policy on LAN ports? I made a test and they act like a switch/hub.