Hello,
We are in the process of prepping to move from Cisco ASAs to FortiGate 200Fs. Currently on the ASAs we use 3 interfaces - Outside (security level 0), Inside (security level 100) and Transit (security level 100). The transit interface connects into our SD-WAN appliance by VeloCloud.
To allow traffic to flow between Inside and Transit interfaces, we had to issue "same-security-traffic permit inter-interface".
Since I can't get FortiConverter to work on my local PC for the life of me, I was curious if anyone out there had run into this and if it required any additional config like the Ciscos do? Unfortunately I don't have a test environment for this piece, so I'm trying to be as prepared as possible for the cutover.
#200F #ASA #Cisco
Thanks!
Adam
I'm not aware there is something like a 'security level' associated with interfaces. Interfaces in FortiOS are all treated equally, be it physical, VLAN, IPsec, GRE or SSLVPN. So I would not see any need to take additional precautions regarding this matter.
The main principle of a FGT firewall is 'whitelisting' - anything is forbidden unless you explicitly allow it. Once you create a policy between a pair of interfaces, you enable traffic, regardless of their 'intrinsic' risk potential.
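Added example, not part of the original thread or of any poster's configuration: a FortiOS CLI sketch of the explicit policies that take the place of the ASA's "same-security-traffic permit inter-interface" for the Inside and Transit interfaces. The interface names "inside" and "transit", the address object names and both subnets are assumptions constructed for illustration; substitute the real ones before cutover.

```fortios
# Constructed address objects (assumed subnets, replace with the real ranges).
config firewall address
    edit "inside-net"
        set subnet 10.10.0.0 255.255.0.0
    next
    edit "transit-net"
        set subnet 10.20.0.0 255.255.0.0
    next
end

# With no policy between two interfaces, traffic between them is dropped.
# One policy per direction is needed, since each policy only permits
# sessions initiated from srcintf towards dstintf.
config firewall policy
    edit 0
        set name "inside-to-transit"
        set srcintf "inside"
        set dstintf "transit"
        set srcaddr "inside-net"
        set dstaddr "transit-net"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
    edit 0
        set name "transit-to-inside"
        set srcintf "transit"
        set dstintf "inside"
        set srcaddr "transit-net"
        set dstaddr "inside-net"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
```

Scoping srcaddr and dstaddr to named objects instead of "all", and logging all sessions, makes it easier to tighten the service list after the migration once the actual flows are visible in the traffic log.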
Copyright 2024 Fortinet, Inc. All Rights Reserved.