Pbhardwaj
New Contributor

BGP Protocol Between Core Switch/Firewall with SD WAN device

Hi All,


Hope you guys are doing well.


I am trying to configure a new setup for a new branch office. I want the firewall to do access control and routing to be done on the Cisco L3 switch. I'm confused about what will be the best way to achieve this.


Can you please help me to understand in what mode I can run the firewall, NAT mode or transparent mode?


I think in NAT mode there will be a protocol running between the Core and the Fortigate, and BGP between the Fortigate and the Velo device.


Will it be a good solution to run the firewall in transparent mode and have a BGP neighborship between the Cisco Core and the Velo SD-WAN device, so that the L3 switch does the routing and the firewall is pure access control?


Pbhardwaj_0-1678202361499.png


Note: Is it possible to run the Fortigate firewall in routed mode and achieve direct BGP with the Velo SD-WAN device?

gfleming
Staff

It's possible to do almost anything with the Fortigate. It can even do your SD-WAN for you!


But in this case the FGT can either be a routed device and participate in your existing routing protocols or as you've pointed out can also act in transparent mode.


From your limited info and diagram I think transparent would work. Are you planning to run it in HA or will these be individual nodes? Hard to tell how your network is laid out...

Cheers,
Graham
Muhammad_Haiqal

Hi @Pbhardwaj ,


I can see you are trying to get an idea on the network design/solution.
This one requires full understanding of your existing design and the requirements you want to achieve.

I understand that the L3 Cisco will be the gateway for your network.
But looking at the diagram, it depends on the requirements. It can be achieved, and it cannot be achieved too.


It's best if you can put the IP addresses/subnets you want to design on that diagram.

haiqal
Pbhardwaj
New Contributor

@gfleming @Muhammad_Haiqal: Thank you so much for showing your interest in helping.


So I have put the IP addresses and as much information as I can think of in the diagram, and I hope now you guys can understand what I'm trying to do.


So the idea is to configure eBGP between my Cisco switch and Velo Cloud; I want routing to be done on the switch and access control to be done on the Fortigate firewall.


For that I'm using 2 VLANs: one for the communication between the Velo and the Fortigate (VLAN 20, 1.1.1.0/29) and the other for the communication between the Fortigate and my core switch (VLAN 30, 2.2.2.0/29).


Kindly share your valuable feedback on how I can do it, if possible.

Pbhardwaj_0-1678446788646.png
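For readers following this thread, here is one concrete way to build the routed-mode variant asked about in the note (FortiGate in NAT/route mode, eBGP directly to the Velo device and to the Cisco core, access control done by firewall policy). This is an added FortiOS CLI example, not configuration from the thread or from Fortinet. The two /29s and the VLAN IDs are the ones given above; the host addresses (.1 for each peer, .2 for the FortiGate), the AS numbers, the physical port names, the BGP password and the 10.0.0.0/16 branch LAN prefix are constructed placeholders.

```fortios
# Added example (not from the thread): routed/NAT-mode FortiGate peering eBGP with both
# the Velo device (VLAN 20, 1.1.1.0/29) and the Cisco core (VLAN 30, 2.2.2.0/29).
# Placeholders: FortiGate = .2 in each /29, peers = .1, AS numbers, port1/port2, 10.0.0.0/16.
config system interface
    edit "vlan20_velo"
        set vdom "root"
        set ip 1.1.1.2 255.255.255.248
        set allowaccess ping
        set interface "port1"
        set vlanid 20
    next
    edit "vlan30_core"
        set vdom "root"
        set ip 2.2.2.2 255.255.255.248
        set allowaccess ping
        set interface "port2"
        set vlanid 30
    next
end

# Inbound route filters: accept only the branch LAN (up to /24 subnets) from the core
# and only a default route from the SD-WAN side, so a misconfigured or compromised peer
# cannot inject arbitrary prefixes into the firewall's routing table.
config router prefix-list
    edit "from_core"
        config rule
            edit 1
                set prefix 10.0.0.0 255.255.0.0
                set le 24
            next
        end
    next
    edit "from_velo"
        config rule
            edit 1
                set prefix 0.0.0.0 0.0.0.0
            next
        end
    next
end

config router bgp
    set as 65001
    set router-id 2.2.2.2
    config neighbor
        edit "1.1.1.1"
            set remote-as 65002
            set prefix-list-in "from_velo"
            set soft-reconfiguration enable
            set password "CHANGE_ME_VELO_SECRET"
        next
        edit "2.2.2.1"
            set remote-as 65003
            set prefix-list-in "from_core"
            set soft-reconfiguration enable
            set password "CHANGE_ME_CORE_SECRET"
        next
    end
end

# Access control between the two VLANs. NAT stays off because the FortiGate is a routed hop,
# not an edge NAT device. Narrow "service ALL" on the inbound policy to what the branch needs.
config firewall address
    edit "branch_lan"
        set subnet 10.0.0.0 255.255.0.0
    next
end
config firewall policy
    edit 1
        set name "lan_to_sdwan"
        set srcintf "vlan30_core"
        set dstintf "vlan20_velo"
        set srcaddr "branch_lan"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
        set logtraffic all
    next
    edit 2
        set name "sdwan_to_lan"
        set srcintf "vlan20_velo"
        set dstintf "vlan30_core"
        set srcaddr "all"
        set dstaddr "branch_lan"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
        set logtraffic all
    next
end
```

Because both BGP sessions terminate on the FortiGate itself, TCP/179 is local-in traffic and needs no firewall policy; `get router info bgp summary` shows whether each neighbor reaches Established. The transparent-mode design drawn in the diagram works differently: in transparent mode the FortiGate does not run BGP, the session runs end to end between the Cisco and the Velo device, and the FortiGate only needs a policy permitting TCP/179 between the two peer addresses in each direction.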


Muhammad_Haiqal

Hi @Pbhardwaj ,

That was a great diagram and very detailed. I can understand it easily.
Yes, that design is achievable.  :)

haiqal