We are in the process of prepping to move from Cisco ASAs to Fortigate 200Fs. Currently on the ASAs we use 3 interfaces - Outside (security level 0), Inside (security level 100) and Transit (security level 100). The transit interface connects into our SD-WAN appliance by velocloud.
To allow traffic to flow between Inside and Transit interfaces, we had to issue "same-security-traffic permit inter-interface".
Since I can't get FortiConverter to work on my local PC for the life of me, I was curious if anyone out there had run into this and if it required any additional config like the Cisco's do? Unfortunately I don't have a test environment for this piece so trying to be prepared as possible for the cutover.
I'm not aware there is something like a 'security level' associated with interfaces. Interfaces in FortiOS are all treated equally, be it physical, VLAN, IPsec, GRE or SSLVPN. So I would not see any need to take additional precautions regarding this matter.
The main principle of a FGT firewall is 'whitelisting' - anything is forbidden unless you explicitey allow it. Once you create a policy between a pair of interfaces, you enable traffic, regardless of their 'intrinsic' risk potential.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.