Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
yas13899
New Contributor II

Created on ‎03-15-2022 03:29 AM

Internal network best design

Hello...

 

I have a FortiGate 600E device... 

In the current design there is one internal interface that connects all internal vlans to the firewall:

(10 users vlans, 1 guests WIFI vlan, 1 Servers Farm vlan)... This connection comes directly from a Cisco Nexus 9396 switch which is the default gateway for all of the vlans.

 

Now I want to separate these vlans from each others in order to set policies between the users' vlans, WIFI vlan and server farm vlan...  What I know is that I have to setup the vlans in the internal connection of FortiGate device and make it the default gateway for them instead of the Nexus switch.. Is this the right way??

And can the FortiGate 600E handle the routing instead of the Cisco Nexus device??

 

Any advice will be appreciated 

Labels:
1502
0 Kudos
1 Solution
Toshi_Esumi
SuperUser
SuperUser

Created on ‎03-15-2022 09:06 AM

Yes and no, I guess. Moving the GWs for those VLANs from the Nexus switch to the 600E is only way to force inter-VLAN traffic to come to the FGT to regulate. The 600E probably can handle most of routing (L3) features you're currently doing with the Nexus but it might not do much of switching features unlike Nexus, ex. no access ports. So I would recommend leaving L2 features on the Nexus.

 

Toshi

View solution in original post

1476
2 REPLIES 2
Toshi_Esumi
SuperUser
SuperUser

Created on ‎03-15-2022 09:06 AM

Yes and no, I guess. Moving the GWs for those VLANs from the Nexus switch to the 600E is only way to force inter-VLAN traffic to come to the FGT to regulate. The 600E probably can handle most of routing (L3) features you're currently doing with the Nexus but it might not do much of switching features unlike Nexus, ex. no access ports. So I would recommend leaving L2 features on the Nexus.

 

Toshi

1477
yas13899
New Contributor II

Created on ‎03-15-2022 09:24 AM

Thank  you very much

In fact there is no need for any switching capabilities... Just isolating and controlling L3 and above traffic

1428
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.