FortiAnalyzer isolate traffic between ports
Hello
All "internal" FortiGates send logs to our FortiAnalyzer's port1.
We want a "dmz" FortiGate to send logs to FortiAnalyzer's port2; this is because traffic from "dmz" to "internal" is not permitted.
How can I isolate traffic between FortiAnalyzer's ports in order to safeguard the above policy?
The dmz FortiGate is not hosted to us so we cannot use a mgmt interface.
Thanks
Labels: FortiAnalyzer
Hi
I think what you want to do is to put FAZ's port2 in the DMZ with your FortiGate, and it should work for you as expected.
On the other hand, I also think this is not a very clean design (in terms of network/security), because FAZ is considered a host device, not a perimeter device, and in a clean design a non-perimeter device should not be connected to more than one VLAN/DMZ at the same time.