Hello...
I have a FortiGate 600E device...
In the current design there is one internal interface that connects all internal vlans to the firewall:
(10 users vlans, 1 guests WIFI vlan, 1 Servers Farm vlan)... This connection comes directly from a Cisco Nexus 9396 switch which is the default gateway for all of the vlans.
Now I want to separate these vlans from each others in order to set policies between the users' vlans, WIFI vlan and server farm vlan... What I know is that I have to setup the vlans in the internal connection of FortiGate device and make it the default gateway for them instead of the Nexus switch.. Is this the right way??
And can the FortiGate 600E handle the routing instead of the Cisco Nexus device??
Any advice will be appreciated
Solved! Go to Solution.
Yes and no, I guess. Moving the GWs for those VLANs from the Nexus switch to the 600E is only way to force inter-VLAN traffic to come to the FGT to regulate. The 600E probably can handle most of routing (L3) features you're currently doing with the Nexus but it might not do much of switching features unlike Nexus, ex. no access ports. So I would recommend leaving L2 features on the Nexus.
Toshi
Yes and no, I guess. Moving the GWs for those VLANs from the Nexus switch to the 600E is only way to force inter-VLAN traffic to come to the FGT to regulate. The 600E probably can handle most of routing (L3) features you're currently doing with the Nexus but it might not do much of switching features unlike Nexus, ex. no access ports. So I would recommend leaving L2 features on the Nexus.
Toshi
Thank you very much
In fact there is no need for any switching capabilities... Just isolating and controlling L3 and above traffic
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.