Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
azwanarif
New Contributor

Configure FortiGate 80E as gateway and routing

Hi All,

 

Appreciate for the help and advice .Based on diagram below firewall is connected with 3 access switch using trunk port with all client and switch pointing to VLAN 3 interface (IP 10.101.3.254).

 

Layer 3 switch with IP routing enable will able to performed/automatic routing table to all VLAN interface and connection. However,  does manual routing is required and firewall policy for each connectivity to VLAN e.g. VLAN 1 > 2,3,4,5,6,7,8,9,10,11,12 and vice versa in order for all to communicate and use VLAN 3 interface (IP 10.101.3.254) as gateway ?.

 

Appreciate if anyone can guide us or provide sample of configuration of the method of deployment for our reference. Thanks

 

 

 

1 Solution
vinceneil666

Hi,

 

Ok, so then you you will need a trunk from the switches into the firewall. In the firewall you create VLAN interfaces on "top" of the interface that has the trunk.

 

So the firewall will have lots of interfaces, and by effect also have routing to all of them - since they are directly connected. So you dont need to make any static routing manually.

 

Make sure that you remove all layer3 interfaces on the switch. The switches should only contain vlans and no vlan interfaces.. (you will probably have a management vlan, that will offcourse have an ip)

 

Then create policy for all traffic between vlans.

View solution in original post

4 REPLIES 4
vinceneil666
Contributor

Hi,

 

Do you want the firewall to have policy between the different VLAN's ?

 

Or do you want all the VLAN's to be able to communicate with each other without firewall policy ? - and then have one link from the L3 switch to the firewall for internett access ? 

azwanarif

Hi,

 

Apologies for late reply. my answer below. Thanks

 

Do you want the firewall to have policy between the different VLAN's ?

 A -the goal is to have security between the VLAN's

  Or do you want all the VLAN's to be able to communicate with each other without firewall policy ? - and then have one link from the L3 switch to the firewall for internett access ?

 

 A - based on on diagram all switch are not connected/stack due to original designed was scrap and we have to improvised the designed hence the multiple trunk port from each switch beside than the budget.

    

  New plan is to allow all VLAN's to communicate with each other using firewall policy or static routing which ever method that can simplify the configuration. Correct me if i'm wrong if using firewall policy is the only method, I have to create per VLAN's connection e.g. 1>2-12 and vice versa to enable all communication?. 

 

Thanks

vinceneil666

Hi,

 

Ok, so then you you will need a trunk from the switches into the firewall. In the firewall you create VLAN interfaces on "top" of the interface that has the trunk.

 

So the firewall will have lots of interfaces, and by effect also have routing to all of them - since they are directly connected. So you dont need to make any static routing manually.

 

Make sure that you remove all layer3 interfaces on the switch. The switches should only contain vlans and no vlan interfaces.. (you will probably have a management vlan, that will offcourse have an ip)

 

Then create policy for all traffic between vlans.

azwanarif

Hi,

 

We will onsite next week in order to configured the firewall. Attached is firewall policy rule that we are planning to configured which all VLAN will use VLAN 3 interface as gateway.

 

Appreciate if anyone can verify the firewall rule. Thanks

 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors