I have procured a new FortiGate 200E firewall and I need to put ports 1 to 4 in a single VLAN (same segment).
How do I define this setup? Shall I define a new zone or interface?
Two obvious choices would be
- hardware switch
or
- LACP trunk
But... unfortunately the 200E does not have a hw switch chip so it would emulate a switch in software. This will surely impact CPU load a lot. Not recommended.
Hopefully the switch the FGT is connected to is LACP capable. Create an LACP trunk from GUI, and fine-tune it in CLI if you need to. All ports will participate in traffic, adding bandwidth and redundancy.
Just to clarify, even if I use it as a software switch, my systems will not have any traffic within the VLAN subnet (software switch); they will talk to a system which is connected to the firewall's outside interface using a dedicated switch.
I believe if I have huge traffic within a software switch it's a problem, right?
Can I use the software switch when there is no switch but my traffic is not within the VLAN (software switch)?
Of course you can use a software-based switch. The FG-200E does have a decent CPU so that with moderate load you won't notice the difference to a hardware-based switch much.
You wrote that you need to put 4 ports into the same VLAN. Isn't that the classic situation of an access switch? Why not expand your FGT with a FortiSwitch? They are fully manageable from the FGT, fully monitored and cheap (in absolute price and cheaper per port than Cisco).
Anyways, if you want to keep this simple, create a sw switch and look how far you get. It doesn't matter if traffic is predominantly inter-VLAN or external.
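The two options discussed in this thread, written out as FortiOS CLI. This is an added example, not part of the original posts; the interface names `sw-lan` and `agg-lan`, the VDOM `root` and the address 192.168.10.1/24 are constructed placeholders, and it assumes port1 to port4 are not yet referenced by any policy, DHCP server or other object.

```fortios
# Option A: software switch joining port1-port4 into one segment.
config system switch-interface
    edit "sw-lan"
        set vdom "root"
        set member "port1" "port2" "port3" "port4"
        # "implicit" (the default) forwards traffic between member ports
        # without any firewall policy. "explicit" requires a policy for
        # member-to-member traffic, so it is inspected and logged.
        set intra-switch-policy explicit
    next
end

# The switch then appears as a normal interface that carries the IP
# address and the management-access settings for the segment.
config system interface
    edit "sw-lan"
        set vdom "root"
        set ip 192.168.10.1 255.255.255.0
        # Keep administrative access on the segment to what is needed.
        set allowaccess ping
    next
end

# Option B (alternative to A, not in addition): LACP aggregate towards
# an LACP-capable switch, using the same four ports.
config system interface
    edit "agg-lan"
        set vdom "root"
        set type aggregate
        set member "port1" "port2" "port3" "port4"
        set lacp-mode active
        set ip 192.168.10.1 255.255.255.0
        set allowaccess ping
    next
end
```

With option A in its default implicit mode, hosts on different member ports can reach each other without passing a firewall policy, which matters if the four ports are meant to be isolated from one another.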
Copyright 2024 Fortinet, Inc. All Rights Reserved.