Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
thund31
New Contributor

Created on ‎10-19-2020 02:25 AM

200D connect to two switches

got a fortigate 200D old firewall in my company's lab environment.

i'm constructing a network topology with 200D and two switches(other brand), and these two SW are providing redundancy for end devices/servers. the topology is shown in attached figure.

 

well... i'm a newbie on networking and not familiar with fortinet's product at all, so my questions are stupid and hope you don't mind:

According to my topology, do i need to set STP on 200D to prevent network loop?

i want to make the interfaces(which connected to switches) on 200D isolate the switches' broadcast and also be the gateway for redundancy.

(i will also utilize L3 routing on switches for VLANs but these VLANs need to reach firewall for internet connection...)

therefore if one interface(on 200D) or switch dies, the other one could still provide network traffic for end devices.

 

is there any special settings from fortinet that i need to be aware of on 200D for my network topology??

 

thanks for answering my dumb questions.

Preview file
21 KB
2679
0 Kudos
1 Solution
Toshi_Esumi
SuperUser
SuperUser

Created on ‎10-19-2020 10:51 AM

Since it's lab environment, you should test it with wireshark to figure out what would happen. It's a very good practice understanding L2 behavior on the FGT.

As in the handbook, a FGT itself doesn't participate in STP. You can only enable forwarding STP frames.

https://docs.fortinet.com/document/fortigate/6.0.0/handbook/857435/stp-forwarding

When you configured a hard-switch including those two ports to two swiches, non-tagged and all VLANs on it are passed from one side to the other. You need to consider it as a single wire for another connection between two switches. So the switches are the ones to detect the L2 loop to block one side.

View solution in original post

2072
0 Kudos
1 REPLY 1
Toshi_Esumi
SuperUser
SuperUser

Created on ‎10-19-2020 10:51 AM

Since it's lab environment, you should test it with wireshark to figure out what would happen. It's a very good practice understanding L2 behavior on the FGT.

As in the handbook, a FGT itself doesn't participate in STP. You can only enable forwarding STP frames.

https://docs.fortinet.com/document/fortigate/6.0.0/handbook/857435/stp-forwarding

When you configured a hard-switch including those two ports to two swiches, non-tagged and all VLANs on it are passed from one side to the other. You need to consider it as a single wire for another connection between two switches. So the switches are the ones to detect the L2 loop to block one side.

2073
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.