Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Pbhardwaj
New Contributor

Created on ‎03-07-2023 07:22 AM

BGP Protocol Between Core Switch/Firewall with SD WAN device

Hi All,

 

Hope you guys are doing well.

 

I trying to configure a new setup for a new branch office. I want Firewall to do access control and  and routing to be done on Cisco L3 switch. I m confused what will will be the best way to achieve this.

 

Can you please me to understand in what mode is can run the firewall NAT mode or transparent mode.

 

I think in NAT mode their will a protocol running between Core and BGP between Fortigate and Veio device

 

Is it will be a good solution to run Firewall in transparent mode and have BGP neighbor ship with Cisco Core and Veio SD WAN device so that L3 switch will be the routing and firewall will be pure access control 

 

Pbhardwaj_0-1678202361499.png

 

Note : Is it possible to run Fortigate firewall in Routed mode and achieve direct bgp with Veio SD wan device

Labels:
1229
0 Kudos
4 REPLIES 4
gfleming
Staff
Staff

Created on ‎03-07-2023 07:33 AM

It's possible to do almost anything with the Fortigate. It can even do your SD-WAN for you!

 

But in this case the FGT can either be a routed device and participate in your existing routing protocols or as you've pointed out can also act in transparent mode.

 

From your limited info and diagram I think transparent would work. Are you planning to run it in HA or will these be individual nodes? Hard to tell how your network is laid out...

Cheers,
Graham
1225
0 Kudos
Muhammad_Haiqal
Staff
Staff

Created on ‎03-07-2023 11:17 PM

Hi @Pbhardwaj ,

 

I can you see you are trying to get idea on the network design/solution.
This one require fully understanding on your existing design and requirements you want to achieve.

I understand that L3 Cisco will be gateway for your network.
But looking on the diagram, it depend on the requirements. It can be achieve and cannot achieve too.

 

Its the best if you can put the ip address/subnet you want to design on that diagram.

haiqal
1209
0 Kudos
Pbhardwaj
New Contributor

Created on ‎03-10-2023 03:18 AM

@gfleming  @Muhammad_Haiqal  : Thank you so much for showing your interest to help

 

So i have put the IP address more information that i can think off in the diagram and hope now you guys can understand what im trying to do

 

So the idea is to configure eBGP between my Cisco Switch and Velo Cloud i want routing to be on the routing and access control can be done on Fortigate firewall.

 

For that im using 2 vlan one for the communication between Velo and fortigate(VLan 20 1.1.1.0/29) and other for communication between Fortigate to my Core switch(Vlan 30 IP 2.2.2.0/29).

 

Kindly share you valuable feedback how i can do it if possible.

Pbhardwaj_0-1678446788646.png

 

1191
0 Kudos
Muhammad_Haiqal
Staff
Staff
In response to Pbhardwaj

Created on ‎03-11-2023 06:13 AM

Hi @Pbhardwaj ,

That was a great diagram and very detailed. I can understand it easily.
Yes, that design is achievable.  :)

haiqal
1177
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.