Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
SHERIFF
New Contributor

Created on ‎05-29-2018 12:37 AM

Firewall between 2 workstations in same network

Hi All, 

i have 2 workstations in the same network (direct connection between them) and now i need to install firewall FortiGate 50E in between for control.

Any idea how to set that up.

 

Note: Each workstation has multiple NICs  and one already has default gateway configured so i can't change that.

 

 

4630
0 Kudos
3 REPLIES 3
Iescudero
Contributor II

Created on ‎05-29-2018 09:04 AM

Hi there!

Maybe it's not the same that you already had imagined, but i think this should work:

It's not entirely necessary to do the exact configuration, but you can try with your fortigate in the same subnet and create a vip with an external IP 172.16.22.6 which forwards traffic to the host b NIC 2, 172.16.22.10 and viceversa. then you must create the policys and start logging.

Preview file
45 KB
2140
0 Kudos
darwin_FTNT
Staff
Staff
In response to Iescudero

Created on ‎05-29-2018 11:03 AM

Can try using virtual wire pair setup:

 

http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-whats-new-54/Top_VirtualWirePair.htm

 

Virtual wire pair seems to function similar to transparent mode.

 

For NAT mode (default factory setting) using regular firewall policy (config firewall policy), the flow-based/proxy-based utm could be hooked into the FORWARD chain (other chains are INPUT and OUTPUT, etc).  Only forward packets (destined to other hosts) are scanned.  For within LAN or local hosts, it could be skipped by forward chain I think.

 

There are other firewall policy types also:

 

1. sniffer policy (config firewall sniffer)

 

2. interface policy (config firewall interface-policy)

 

Both types above received the packets at the network buffer level instead.

 

2140
0 Kudos
SHERIFF
New Contributor
In response to Iescudero

Created on ‎05-30-2018 11:22 PM

I am kinda new to these, what is the VIP1/2? is these LAN port or WAN port?

when i tried to configure the interfaces, they didn't accept setting both lan and wan on the same sub net.

 

is it possible to apply policy on LAN ports? i made a test and they act like switch/hub.

2140
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.