Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Pkoum1
New Contributor II

FortiAnalyzer: isolate traffic between ports

Hello

All "internal" FortiGates send logs to our FortiAnalyzer's port1.

We want a "dmz" FortiGate to send logs to FortiAnalyzer's port2; this is because traffic from "dmz" to "internal" is not permitted.

How can I isolate traffic between FortiAnalyzer's ports in order to safeguard the above policy?

The dmz FortiGate is not hosted by us, so we cannot use a mgmt interface.

 

Thanks 

AEK
SuperUser

Hi

I think what you want to do is to put FAZ's port2 in the DMZ with your FortiGate, and it should work for you as expected.

On the other hand, I also think this is not a very clean design (in terms of network/security), because FAZ is considered a host device, not a perimeter device, and in a clean design a non-perimeter device should not be connected to more than one VLAN/DMZ at the same time.

AEK