Hi everyone,
I would like to ask how I can block inter-VLAN traffic if my VLANs are on my core switch?
I have VLANs created on the core switch, and I created the same ones on the FGT. By default all of the VLANs are able to see each other without creating any policy.
How do I stop the VLANs from seeing each other?
Thank you.
By default the FGT does not bridge between two VLAN interfaces without any policy. If you're sure the FGT is not bridging, something else in your network is acting as a router bridging them. Is your switch an L2/L3 switch, and does it have L3 interfaces/IPs configured? Then the switch is bridging them. You would see both subnets in its routing table if that's the case. Then you have to remove those L3 IPs from the switch and make it an L2 switch. Then only the FGT, if that's the only other L3 device, can bridge them when you create a pair of policies (I'm assuming you're not using a zone).
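As an added illustration of the FortiGate side of the answer above (example configuration written for this thread, not taken from the original post or from Fortinet documentation; the interface name port1, VLAN IDs 10 and 20, and the 10.10.10.0/24 and 10.10.20.0/24 subnets are assumed): once the core switch no longer holds L3 addresses in the two VLANs and the FortiGate VLAN sub-interfaces are the gateways, inter-VLAN traffic hits the implicit deny until an explicit policy exists, so only the flows you list in a policy get through.

```fortios
# Two VLAN sub-interfaces on port1; the FortiGate becomes the default gateway
# of each VLAN (assumed addressing: 10.10.10.1/24 and 10.10.20.1/24).
config system interface
    edit "vlan10"
        set vdom "root"
        set ip 10.10.10.1 255.255.255.0
        set allowaccess ping
        set interface "port1"
        set vlanid 10
    next
    edit "vlan20"
        set vdom "root"
        set ip 10.10.20.1 255.255.255.0
        set allowaccess ping
        set interface "port1"
        set vlanid 20
    next
end

# With no policy between vlan10 and vlan20, the implicit deny (policy ID 0)
# drops the traffic. Add a policy only for the flows that should pass;
# here vlan10 -> vlan20 on DNS and HTTPS only, with logging, and nothing
# in the reverse direction (reply packets are matched by the session table).
config firewall policy
    edit 10
        set name "vlan10-to-vlan20-web"
        set srcintf "vlan10"
        set dstintf "vlan20"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "DNS" "HTTPS"
        set logtraffic all
    next
end
```

To confirm which device is actually routing, compare `get router info routing-table all` on the FortiGate with the switch's own routing table: if both 10.10.10.0/24 and 10.10.20.0/24 show up as connected routes on the switch, the switch is still routing between them and the FortiGate policy is never consulted. `diagnose sniffer packet any 'icmp' 4` on the FortiGate while pinging across VLANs shows whether the traffic even reaches the firewall.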
Firewall controls traffic, so if you have no policy for the src/dst the traffic is not going to sneak by. Remember this is a security device and by design it blocks all traffic before any specific rules.
PCNSE
NSE
StrongSwan
This looks more core switch related than FortiGate related. The FortiGate can only affect traffic between different VLANs.
You would have to look for some feature for port isolation or so on your core switch maybe.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Copyright 2024 Fortinet, Inc. All Rights Reserved.