I have a 24-port FortiSwitch in front of my Fortinet and other VDOMs which also have FortiLinks. Can I use the FortiLink on my root VDOM, or could I create separate VDOMs for the WAN interfaces, connect those to the root VDOM FortiLink, and pass those WAN VDOMs with VDOM links? Or do I set up my incoming FortiSwitch to manually handle traffic? But if I use my VDOM WANs, can my Fortinet still update? Could use I tried the VDOM WANs before and the Fortinet service wasn't connecting to the server, as I assume the root VDOM needs a WAN interface..?
I wouldn't recommend separating WANs into a VDOM unless you have multiple sub-organizations/tenants and additional public subnets from ISP(s). It would make things more difficult, like terminating VPNs and routing traffic through vdom-link/npu-vlink (I strongly recommend npu-vlink for performance), and so on.
FortiSwitch is just a switch like any other VLAN-capable switch, so you can physically terminate LANs as well as any circuits and carry L2 traffic over VLANs separately to get to the FGT. FGTs handle VLANs as independent interfaces regardless of which physical interface they're on. The only downside is that all in/out traffic to/from the FGT needs to come/go over the FortiLink, so you probably want to make it a LAG (trunk in FSW's terminology) with at least 2x GE ports to keep at least 1Gbps bandwidth for the WAN side and another 1Gbps bandwidth for the LAN side. Then traffic from/to the LAN to/from the internet would be "hairpinned" at the FGT.
Toshi
Copyright 2024 Fortinet, Inc. All Rights Reserved.