Hi Fortinet Community!
I have a client whose network I managed from overseas. We are undertaking a restructuring of the current network design to increase scalability and security for the future. I have not had any experience configuring this using the Fortinet ecosystem, so I had some questions (bottom of post) for the community about my configuration/process.
Current Fortinet topology
1x FortiGate 60F (7.0.3)
4x FortiSwitch 124E (7.0.1) (stacked)
1x Unmanaged PoE switch
Current Network topology: Everything resides on a 10.0.0.0/24
New Network Configuration
FortiGate Internal Network (VLAN 1) - ???
VLAN 10 = Static (Servers[vSphere]/Printers/Network Devices) - 10.0.0.0/24
VLAN 20 = VoIP - 10.0.1.0/24
VLAN 30 = Internal Devices (Computers/Laptops/Cell/Wi-Fi) - 10.1.0.0/22
VLAN 40 = Guest Wi-Fi - 10.2.0.0/22
VLAN 10, 20, 30 to allow inter-VLAN routing
VLAN 40 - Int access only
Questions to the community:
Network Change-Over Plan
I don't think it's a matter of best practices, more a matter of choice - if you want to move the devices assigned static IPs or not. From a security perspective, it would be better to isolate them in their corresponding VLAN.
And as long as you don't change settings on the WAN interface (your access interface) access from WAN should not be cut.
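The segmentation plan from the question, as an added example that is not part of the original posts: a Python check that the four subnets do not overlap and that reachability tests taken after the cut-over match the stated intent. It assumes "Int access only" means Internet only and that traffic from the internal VLANs to the guest VLAN is also denied; the sample flows are constructed.

```python
import ipaddress
from itertools import combinations

# Subnets copied from the "New Network Configuration" in the question.
VLANS = {
    10: ipaddress.ip_network("10.0.0.0/24"),  # Static: servers, printers, network devices
    20: ipaddress.ip_network("10.0.1.0/24"),  # VoIP
    30: ipaddress.ip_network("10.1.0.0/22"),  # Internal devices
    40: ipaddress.ip_network("10.2.0.0/22"),  # Guest Wi-Fi
}
ROUTED = {10, 20, 30}  # VLANs the plan allows to route between each other

def overlaps():
    """Return pairs of VLAN IDs whose subnets overlap (expected: none)."""
    return [(a, b) for (a, na), (b, nb) in combinations(VLANS.items(), 2)
            if na.overlaps(nb)]

def vlan_of(ip):
    """Map an address to its VLAN ID, or None if it is outside the plan."""
    addr = ipaddress.ip_address(ip)
    return next((vid for vid, net in VLANS.items() if addr in net), None)

def allowed(src, dst):
    """True if the plan intends the flow src -> dst to be permitted."""
    s, d = vlan_of(src), vlan_of(dst)
    if s is None:
        return False  # source is not part of the plan
    if d is None:
        # Outside the plan: permit only real Internet destinations, so a
        # stray private subnet is not treated as "Internet".
        return ipaddress.ip_address(dst).is_global
    if s == d:
        return True   # same VLAN: switched, never reaches a routing policy
    # Assumption: the guest VLAN is isolated in both directions.
    return s in ROUTED and d in ROUTED

def audit(observed):
    """Return observed (src, dst, reachable) results that contradict the plan."""
    return [(s, d, r) for s, d, r in observed if r != allowed(s, d)]

# Constructed reachability results, e.g. from ping tests after the change-over.
OBSERVED = [
    ("10.1.2.15", "10.0.0.20", True),    # laptop -> server
    ("10.0.1.30", "10.1.3.200", True),   # phone -> internal device
    ("10.2.0.50", "8.8.8.8", True),      # guest -> Internet
    ("10.2.3.200", "10.0.0.20", True),   # guest -> server: isolation leak
    ("10.1.0.9", "10.2.0.50", False),    # internal -> guest blocked
]

if __name__ == "__main__":
    print("overlapping subnets:", overlaps())
    print("policy violations:", audit(OBSERVED))
```

Any entry returned by `audit` is a flow whose observed result differs from the plan and should be traced to the firewall policy that produced it.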
Copyright 2024 Fortinet, Inc. All Rights Reserved.