Hello all,
Many years ago, someone set my company up on a local 132.147.xxx.xxx subnet that is currently configured in our FortiGate (running 6.2). I would like to gradually migrate us off of this. My question has to do with the best path to do it. We currently have FortiSwitches that are in standalone mode. With a LAN interface built for this current addressing scheme. I would like to move us to a new addressing scheme with a 10.16.xxx.xxx VLAN for data and a 10.17.xxx.xxx for Voice as we would like to eventually add VOIP.
Would it be best for me to build this through FortiLink? I have two switches that are not currently being used, that I could start this on. Also, how would I build a path between the old network (132.147) and the new network (10.16) so that I could gradually migrate devices over to the new network, could I just do a policy for both directions? Thanks in advance.
Solved! Go to Solution.
Hey mate, Do you still need help? By the way Im curious with the IP 132.147.xxx.xxx this seems to be out of the range of the private IP addresses to be used locally,
Address ranges to be used by private networks are:
Class A: 10.0.0.0 to 10.255.255.255Class B: 172.16.0.0 to 172.31.255.255Class C: 192.168.0.0 to 192.168.255.255[/ul]Well, if you still need help, just give me a reply.
Hey mate, Do you still need help? By the way Im curious with the IP 132.147.xxx.xxx this seems to be out of the range of the private IP addresses to be used locally,
Address ranges to be used by private networks are:
Class A: 10.0.0.0 to 10.255.255.255Class B: 172.16.0.0 to 172.31.255.255Class C: 192.168.0.0 to 192.168.255.255[/ul]Well, if you still need help, just give me a reply.
Donaire wrote:Yes, thank you. That is the biggest reason we're moving off of the 132.147 range, because it's not a private IP range. I'm trying to gradually move over to the 10.16 range that we have built. Can you also tell me if it would work for me to build a 10.17 VLAN for VOIP off of the 10.16 interface? Thanks.Hey mate, Do you still need help? By the way Im curious with the IP 132.147.xxx.xxx this seems to be out of the range of the private IP addresses to be used locally,
Address ranges to be used by private networks are:
Class A: 10.0.0.0 to 10.255.255.255Class B: 172.16.0.0 to 172.31.255.255Class C: 192.168.0.0 to 192.168.255.255
Well, if you still need help, just give me a reply.
well on FGT side you have to change everything that has do to with that subnet:
- interfaces
- addresses
- routes
- ...
if you know the current settings you could take an unencrypted backup of your FGT and do some search & replace on it and then restore it back to the FGT.
Thus there may be other devices or occasions where that subnet or ips oout of it are involced. Those have to be changed too of course.
if you want to have both old and new subnets at the same time you would have to configure that parallel.
Own Interface, policies etc.
then you could create some policy to allow traffic between the subnets. Policy is always only needed for a direction in which you implicitely want to establish a connection.
e.g. if you want to be able to ping from subnet a to b only (but not from b to a
you need a policy that allows icmp echo coming from subnet a and going to subnet b. You don't need any reverse policy to get a ping reply. If you want to be able to ping from b to a too you will need the reverse policy.
Routes are only needed if the "opposite" subnet is not on the same device so to say. As long as you FGT has some interface in a subnet you need no explicite routes for that. The interface makes sure there is a route then.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1735 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.