I have an upcoming job where I’ll be installing and configuring a FortiGate to serve as the edge router at a facility currently running an all-Cisco internal network (from a previous contractor). The long-term plan is to replace all Cisco devices with Fortinet gear, but to avoid downtime, the Cisco network will continue operating through the FortiGate for now.
Currently, a Meraki MX400 is acting as the edge router. Since we’re unsure of its configuration and I haven’t worked with one before, we don’t want to remove it yet. Instead, the MX400 will connect to the FortiGate, which will then connect to the ISP. We’ll begin building the new network off the FortiGate while keeping the existing Cisco network running through the MX400.
The MX400 already performs NAT, so I want to avoid double NAT on the FortiGate. Would the correct approach be to create a firewall policy on the FortiGate for the interface handling Cisco traffic and simply disable NAT?
Hi,
In the situation you are describing, with the FortiGate between the ISP and Meraki, you have 2 options in my opinion:
- the FGT takes the ISP IP / GW on the WAN side which connects to the Meraki (totally transparent on the Meraki side), which would require your ISP to provide and configure another public subnet on it, connect the ISP router and configure on FGT, and you don't enable NAT for the traffic between these interfaces;
- you insert the FGT between the devices and create virtual wire pairs of the interfaces that connect to Meraki and ISP
Can you elaborate on the virtual wire pair option a little more? I considered that as an option but I'm just not super familiar with how it works.
Thanks
You can read more about it here: https://docs.fortinet.com/document/fortigate/7.6.4/administration-guide/166804/virtual-wire-pair
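A FortiOS CLI sketch of the virtual wire pair option discussed in this thread, added here as an example and not taken from any of the posts or from Fortinet's documentation. The port names (`port1` toward the ISP, `port2` toward the MX400 WAN port) and the object names are assumptions; the `#` lines are annotations for the reader, to be left out when entering the commands.

```fortios
# Constructed example. port1 (ISP side) and port2 (MX400 side) are assumed names.
# Virtual wire pair members carry no IP address; the MX400 keeps the public IP
# and continues to perform NAT for the existing Cisco network.
config system virtual-wire-pair
    edit "vwp-edge"
        set member "port1" "port2"
    next
end

# Traffic crossing the pair is still subject to firewall policy, one per direction.
# NAT stays disabled so the MX400 remains the only device translating addresses.
config firewall policy
    edit 0
        set name "mx400-to-isp"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
        set logtraffic all
    next
    # The inbound policy leaves the MX400's current behaviour unchanged.
    # Narrow the service and destination once its configuration is known.
    edit 0
        set name "isp-to-mx400"
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
        set logtraffic all
    next
end
```

Logging both directions gives a record of what the MX400 actually sends and receives, which helps when its configuration has to be reproduced on the FortiGate later.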