Hi all, first time poster here. I recently came into this job and am still learning how to speak FortiVerse when I've been speaking SonicWall, Sophos, Extreme, and NetGear for the past 14 years. I've been struggling with this specific problem for a while and figure I should ask the hive mind that has the most specific experience.
We have a remote site where we inherited a legacy SonicWall-based network. I migrated nearly all of the devices from said network and onto our network serviced by a FortiGate 80F, but there is a lingering issue with their door controls and cameras. Without spending a bunch of time describing the legacy security network, my intent is to dedicate one of my FGT ports to serve that network as-is and let the FGT do the work for me.
On to the technical details.
My FGT is using LAN4 for Department 4 (192.168.104.0/24), LAN3 for Department 3 (192.168.103.0/24), and WAN1 to the ISP. No VLANs, just different networks with routing rules, all in all a fairly simple setup.
The legacy SonicWall is configured to use VLAN202 (192.168.202.0/24) as the security network, with basic rules allowing traffic out, along with a rule allowing inbound traffic from the old user network to the door controller appliance to reach said controller. My network already has a 192.168.202.0 subnet so I cannot just connect it directly, otherwise the whole thing would have been done 3 months ago.
Picture, 1,000 words, and all that:
So my dilemma is that I don't know how to make it so the facilities manager on LAN4 can access LAN2, which is VLAN-tagged on that network's switches. I've heard that I need to create VLAN 202 on FGT LAN4 (which didn't make sense to me), or that I need to set up 1:1 NAT on LAN2, or that I can do a simple static route along with 1:1 NAT, or combinations thereof. What I don't have yet is a solid solution.
Anyone have insight on the concept as well as technical details for how I can solve this puzzle?
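One way to lay this out on the FortiGate, as an added configuration example written for this thread rather than anything taken from the original post or from Fortinet documentation: a VLAN 202 subinterface on the dedicated port, a VIP (1:1 NAT) on LAN4 that presents the door controller at an address inside 192.168.104.0/24, and a single firewall policy restricted to the facilities manager's host. Every address and name below is an assumption: the ports are called lan2 and lan4 as in the post, the door controller sits at 192.168.202.10, the facilities manager's workstation is 192.168.104.50, 192.168.104.202 is a free address in LAN4, 192.168.202.254 is not used by the SonicWall, and the controller is managed over HTTPS.

```text
# --- Added example, not from the original post. All addresses are assumed. ---

# 1. Tagged subinterface on the port that faces the legacy security network.
#    The FortiGate takes an address in 192.168.202.0/24 that the SonicWall
#    is assumed not to use; only ping is allowed on it for troubleshooting.
config system interface
    edit "sec-vlan202"
        set vdom "root"
        set interface "lan2"
        set vlanid 202
        set ip 192.168.202.254 255.255.255.0
        set allowaccess ping
    next
end

# 2. Firewall address object for the one workstation that needs access.
config firewall address
    edit "facilities-mgr-pc"
        set subnet 192.168.104.50 255.255.255.255
    next
end

# 3. 1:1 VIP: LAN4 users reach the controller at 192.168.104.202 (assumed free),
#    and the FortiGate translates that to the controller's real 192.168.202.10.
#    The FortiGate answers ARP for the external address on lan4.
config firewall vip
    edit "door-controller-1to1"
        set extintf "lan4"
        set extip 192.168.104.202
        set mappedip "192.168.202.10"
    next
end

# 4. Policy: only the facilities manager, only to the VIP, only HTTPS and ping.
#    "set nat enable" source-NATs the session to 192.168.202.254, so the
#    controller replies straight to the FortiGate and never needs a route
#    back to 192.168.104.0/24 through the SonicWall. Everything is logged.
config firewall policy
    edit 0
        set name "facilities-to-door-controller"
        set srcintf "lan4"
        set dstintf "sec-vlan202"
        set srcaddr "facilities-mgr-pc"
        set dstaddr "door-controller-1to1"
        set action accept
        set schedule "always"
        set service "HTTPS" "PING"
        set nat enable
        set logtraffic all
    next
end
```

Two caveats on this layout. First, the subinterface gives the FortiGate a connected route for 192.168.202.0/24, which takes precedence over any static or dynamic route to the other 192.168.202.0/24 on the main network; the example therefore only works cleanly if that other subnet is not routed through this 80F. Second, because the policy source-NATs to the FortiGate's own VLAN address, the SonicWall's legacy inbound rule for the old user network is not needed for this path and can stay as tight as it is; widening the policy beyond one host and one service would reopen the security network to the whole department, which the 1:1 VIP was meant to avoid.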