Good afternoon. Hi, I'm here looking for your orientation because I'm still new to Fortinet. The case is that we have a FortiGate 100E and we're going to hire a fiber link, and we need to know the best option to connect it: directly to one of the SFP ports, or using one of the LAN ports (15, 16) which are indicated as "shared interfaces". Which is the best practice? How do I make the link between the Ethernet port and the SFP when connecting the fiber? Must we separate an Ethernet port from the LAN? We have the port WAN2 free, so would we use it to connect the fiber, and is that more simple? Use a transceiver? Sorry for all these questions, but I'm a little confused and I need to know the simplest way to manage this subject.
Thanks in advance.
Greetings.
hi,
and welcome to the forums.
The SFP ports and the last GbE (copper) ports are mutually exclusive, that is, if you use an SFP port the corresponding copper port is disabled.
All in all your situation is quite simple. My recommendations:
- use the SFP port, inserting a suitable transceiver
- you will use the SFP port as your new WAN port. As port names are just a label and have no functional differences (except the mgmt ports), there are no obstacles. You may (for convenience) create a zone named 'wan' and assign the SFP port to it. This way, your policies will be more legible.
Hi ede_pfau! Thanks for the reply. OK, we are going to use the SFP port with the transceiver, so would these be the steps?
1.- We connect the fiber cable with the corresponding transceiver in the SFP port (shared with port 15).
2.- We separate port 15 from the LAN.
3.- We configure the interface on port 15 and the static route with the data from the ISP.
4.- We configure policies and end.
Correct me if I'm wrong.
I'm not clear on the subject of creating a zone; is it necessary? Can you give me an example of zones?
Thanks a lot again for taking the time to answer me!
yes, all these steps are necessary and in the right order. Go ahead!
Regarding zones:
First off, you don't need this. It's only meant to make the handling easier, that is, to rename the port from "port15" to "wan". If you can live with "port15" there is no further config necessary.
A 'zone' is a container for physical ports. As such, it's got a name. You can use a zone in most places where you can use a port, for instance in policies. But there are exceptions where a zone cannot replace a port. Therefore, I would now recommend you go with the physical port. Sorry to have bothered you.
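Added example, not part of the thread: a FortiOS CLI sketch of the four steps confirmed above, with the optional zone shown commented out. The addresses are constructed placeholders from the 203.0.113.0/30 documentation range standing in for the ISP's data, and the hardware switch name "lan", the alias and the policy name are assumptions; the virtual-switch step in particular can differ by firmware version.

```fortios
# Constructed values; replace with the data supplied by the ISP.

# Step 2: take port15 out of the LAN hardware switch
# (assumes the default switch on the 100E is named "lan").
config system virtual-switch
    edit "lan"
        config port
            delete "port15"
        end
    next
end

# Step 3a: address the interface. Only ping is allowed on the WAN side,
# so no administrative access (HTTPS/SSH) is exposed to the Internet.
# The alias gives the port a readable label without needing a zone.
config system interface
    edit "port15"
        set mode static
        set ip 203.0.113.2 255.255.255.252
        set allowaccess ping
        set alias "wan-fiber"
    next
end

# Step 3b: default route via the ISP gateway ("edit 0" takes the next free ID).
config router static
    edit 0
        set gateway 203.0.113.1
        set device "port15"
    next
end

# Step 4: outbound policy from the LAN switch to the fiber port, with NAT.
config firewall policy
    edit 0
        set name "lan-to-fiber"
        set srcintf "lan"
        set dstintf "port15"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end

# Optional zone. Once port15 is a zone member, policies must reference
# the zone "wan" instead of "port15".
# config system zone
#     edit "wan"
#         set interface "port15"
#     next
# end
```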
Hi my friend! You bothered me? No way! I'm very grateful to you for your guidance.
So, now we're waiting for the ISP to give us the fiber and make all the connections. I'll let you know how it all works. There is another subject that I'd like to consult you about, but I don't know if you have the time for it, or if I have to open another post?
Thanks a lot once again.
Greetings.
Be careful of zones and usage. You can have multiple interfaces in a single zone; you could in fact reference all interfaces in unique zones.
As far as naming, I believe you can't rename the "named_zone", so design your zone concept and use some logic. We use zones in a lot of cases:
ZONA_NETWORK_Interior ( port 1 port2 port3 or vlan.subinterfaces )
ZONA_NETWORK_Exterior ( physical AE or vlan )
ZONA_NETWORK_VPNtunnel( rt-base interfaces )
etc...
The
PCNSE
NSE
StrongSwan
Hi emnoc,
Thanks for your advice about the zones. I saw some examples where they use something like what you mention.
Greetings
Regarding other questions you might have, I think it's best to open a new thread for that. It's easier for others to find a subject in the future this way. And let them keep coming, that's what the forums are there for.
Copyright 2024 Fortinet, Inc. All Rights Reserved.