
Firewall behind L3 switch



I have several VLANs routing among themselves on an L3 switch, which has a default gateway pointing to a FortiGate 100D for off-site traffic.

I'm unable to create policies based on device. The only device I see is, naturally, the switch.

The way I see it, I can:

- stop using VLANs and use a flat LAN (not preferred)

- use the FortiGate for the L3 routing (I'm talking about a factory with 100+ devices, concerned about performance)

- use FSSO and AD groups ( :\ )

I'm looking for advice on a better solution.

Thank you





If by "device" you refer to the FortiGate's device detection feature, you have the following options:

1) Replace your L3 switch with a FortiSwitch.

2) Use your own FortiGate for inter-VLAN routing (as you pointed out).

3) Install FortiClient on your endpoints so they can register to the FortiGate.

I hope that helps.

NSE5, CCSE, CCNA R&S, CompTIA A+, CompTIA Network+, CompTIA Security+, MTA Security, ITIL v3
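
As an added illustration of option 2 above (this is not from either post), the FortiOS CLI fragment below shows what moving inter-VLAN routing onto the FortiGate looks like: VLAN sub-interfaces on a physical LAN port with device identification enabled, plus an outbound policy from one of those VLANs. The interface names, VLAN IDs and addresses are assumptions for this example, and the exact syntax for device-based matching in policies differs between FortiOS versions, so check it against your firmware.

```fortios
# Added example, not from the original posts. Interface names, VLAN IDs
# and addresses are assumptions; adjust them to your environment.
# Option 2: terminate the VLANs on the FortiGate so it sees each host's
# MAC and IP directly instead of only seeing the L3 switch.

config system interface
    edit "vlan10"
        set vdom "root"
        set ip 10.0.10.1 255.255.255.0
        set allowaccess ping
        set device-identification enable
        set interface "internal1"
        set vlanid 10
    next
    edit "vlan20"
        set vdom "root"
        set ip 10.0.20.1 255.255.255.0
        set allowaccess ping
        set device-identification enable
        set interface "internal1"
        set vlanid 20
    next
end

# Outbound policy from the VLAN to the WAN. Device-based matching is
# layered onto policies like this one; its syntax depends on the FortiOS
# version, so it is left out here.
config firewall policy
    edit 0
        set name "vlan10-to-wan"
        set srcintf "vlan10"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```

For this to work, the switch side changes too: the port facing internal1 becomes an 802.1Q trunk carrying VLANs 10 and 20, the switch's routed interfaces for those VLANs are removed, and hosts in each VLAN use the FortiGate sub-interface address as their default gateway. Only then does device detection see individual hosts rather than the switch's single MAC address.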
