Building a firewall config for a client on a Fortigate 60E with 5.4.3.
The firewall is essentially set as NAT/Route mode with various internal interfaces acting as gateways for various VLANs. The VLANs are in place for various items and various 3rd parties with gear at the site where the firewall will land.
Site will initially have a single WAN but this will likely change. The single WAN will have 6 IPs available.
One of the 3rd party's requirements is that we give them a single port with one of the WAN IPs going through the firewall directly as passthrough. This way we can protect their internet traffic at some level in and out (and the client by extension). I was against this setup and wanted to just give them a VLAN switch port on an Internet VLAN and let them manage their internet protection, etc.
At any rate - I'm now at the point where I 'need' to make this work. Essentially have their port act as a switch port on the ISP.
I had thought about using VDOM and putting a single port for them there, in transparent mode - but this seems to be a lot of trouble for this.
Maybe virtual wire pair could work for this sort of thing as well?
Any thoughts on how best to implement this?
Thanks,
BWiebe
Right - I'm aware of this - I need the firewall to do both - so VDOMs may be my only option.
You will want to isolate the traffic on a DMZ interface and configure a VLAN to isolate it. Traffic comes in on the WAN and goes to a DMZ interface with a VLAN. VDOM is a virtual domain. I think you can do the same with a VLAN and not allow it to route to the other interfaces by using a DMZ.
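One way to lay out the DMZ-VLAN isolation suggested above, as an added example that is not from this thread or from Fortinet: a VLAN leg on the dmz port for the third party, a 1:1 VIP so one spare WAN IP lands on their gear, a one-to-one IP pool so their egress leaves with that same IP, and only WAN-to-VLAN and VLAN-to-WAN policies, so the implicit deny keeps that VLAN off every internal interface. All names and addresses (wan1, dmz, VLAN 300, 203.0.113.6, 10.30.0.0/29) are assumptions standing in for the site's real values.

```fortios
# Added example (constructed, not from the thread): FortiOS 5.4-style CLI for the DMZ-VLAN design.
# Assumed: wan1 is the ISP link, VLAN 300 on the dmz port reaches the third party's switch port,
# 203.0.113.6 stands in for one spare WAN IP, 10.30.0.10 is their gear on transfer subnet 10.30.0.0/29.
config system interface
    edit "tp-dmz-v300"
        set vdom "root"
        set interface "dmz"
        set vlanid 300
        set ip 10.30.0.1 255.255.255.248
    next
end
config firewall vip
    edit "TP_VIP"
        set extip 203.0.113.6
        set extintf "wan1"
        set mappedip "10.30.0.10"
    next
end
config firewall ippool
    edit "TP_POOL"
        set type one-to-one
        set startip 203.0.113.6
        set endip 203.0.113.6
    next
end
config firewall policy
    edit 0
        set srcintf "wan1"
        set dstintf "tp-dmz-v300"
        set srcaddr "all"
        set dstaddr "TP_VIP"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
    edit 0
        set srcintf "tp-dmz-v300"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set ippool enable
        set poolname "TP_POOL"
        set logtraffic all
    next
end
```

No policy is created from tp-dmz-v300 toward the internal or other VLAN interfaces, so that traffic hits the implicit deny; the wan1-to-VLAN policy is where any security profiles for "some level" of protection of their inbound traffic would be attached, and no admin access (allowaccess) is enabled on the new VLAN interface.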