I have several VLANs routing themselves on an L3 switch, which has a default gateway pointing to a FortiGate 100D for off-site traffic.
I'm unable to create policies based on device. The only device I see is, naturally, the switch.
The way I see it, I can:
- Stop using VLANs and use a flat LAN (not preferred)
- Use the FortiGate for the L3 routing (I'm talking about a factory with 100+ devices, so I'm concerned about performance)
- Use FSSO and AD groups ( :\ )
I'm looking for advice on a better solution.
If by "device" you refer to FortiGate's device detection method, you have the following options:
1) Replace your L3 switch with a FortiSwitch.
2) Use your own FortiGate for inter-VLAN routing (as you pointed out).
3) Install FortiClient on your endpoints so they can register to the FortiGate.
I hope that helps.
NSE5, CCSE, CCNA R&S, CompTIA A+, CompTIA Network+, CompTIA Security+, MTA Security, ITIL v3
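As an added illustration of option 2 above (this is not configuration from the thread or from Fortinet), the FortiOS CLI fragment below moves inter-VLAN routing onto the FortiGate by terminating two 802.1Q VLANs on subinterfaces with device identification enabled, then adds one policy between them. The interface names, parent port, VLAN IDs and subnets are assumed values chosen for the example.

```fortios
# Added example, not from the original thread. Assumed: the trunk from the
# switch lands on port1, and VLANs 10 and 20 use the subnets shown.
config system interface
    edit "vlan10-office"
        set vdom "root"
        set ip 10.0.10.1 255.255.255.0
        set allowaccess ping
        # Device detection now sees each endpoint's MAC on this subinterface,
        # not the L3 switch's, because the FortiGate is the VLAN's gateway.
        set device-identification enable
        set role lan
        set interface "port1"
        set vlanid 10
    next
    edit "vlan20-plant"
        set vdom "root"
        set ip 10.0.20.1 255.255.255.0
        set allowaccess ping
        set device-identification enable
        set role lan
        set interface "port1"
        set vlanid 20
    next
end
config firewall policy
    # "edit 0" lets FortiOS assign the next free policy ID.
    edit 0
        set name "plant-to-office"
        set srcintf "vlan20-plant"
        set dstintf "vlan10-office"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
```

After the VLAN gateways are moved to these subinterfaces, `diagnose user device list` on the FortiGate should list individual endpoints on the VLAN interfaces rather than only the switch, and those entries are what device-based policies match against. The trade-off is the one raised in the question: every inter-VLAN flow now traverses the FortiGate, so its throughput and session capacity, not the switch's, bound the factory's east-west traffic.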