Hi
I am new to Fortinet and am currently looking to replace our current firewalls with FortiGates. I have drawn up a quick topology (attached) to picture what I may be trying to achieve but have some questions around it. We require 3 VDOMs, to segregate WIFI, Corporate, and although most DMZ networks will trunk into the Corporate VDOM, there is one that needs to be separate for business purposes.
For external IPs, we have a P2P to the ISP, but we also have a /27 public IP block used for natting services.
My questions are:
1. Is it a good idea to have a 4th internet VDOM which is the root VDOM? I can't think of another way because of the fact we have a P2P to the ISP, then a separate block for natting.
2. For policies and natting, I am thinking of doing all natting on the Internet VDOM, as well as having the policy for incoming traffic from outside
3. Use only firewall policies on the other 3 VDOMs and leave natting on the internet VDOM
4. For inspection, would you recommend doing inspection of all 4 VDOMs?
As I said, this is my first experience with FortiGates so there may be other ways I have not thought of, and I am hoping someone can advise.
Many Thanks