Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
adamf53
New Contributor

Cisco ASA conversion help

Hello,

 

We are in the process of prepping to move from Cisco ASAs to Fortigate 200Fs.  Currently on the ASAs we use 3 interfaces - Outside (security level 0), Inside (security level 100) and Transit (security level 100).  The transit interface connects into our SD-WAN appliance by velocloud.  

 

To allow traffic to flow between Inside and Transit interfaces, we had to issue "same-security-traffic permit inter-interface".  

 

Since I can't get FortiConverter to work on my local PC for the life of me, I was curious if anyone out there had run into this and if it required any additional config like the Cisco's do?  Unfortunately I don't have a test environment for this piece so trying to be prepared as possible for the cutover.

 

#200F #ASA #Cisco

 

Thanks!
Adam

1 REPLY 1
ede_pfau
Esteemed Contributor III

I'm not aware there is something like a 'security level' associated with interfaces. Interfaces in FortiOS are all treated equally, be it physical, VLAN, IPsec, GRE or SSLVPN. So I would not see any need to take additional precautions regarding this matter.

 

The main principle of a FGT firewall is 'whitelisting' - anything is forbidden unless you explicitey allow it. Once you create a policy between a pair of interfaces, you enable traffic, regardless of their 'intrinsic' risk potential.


Ede

"Kernel panic: Aiee, killing interrupt handler!"