Hello,
I have the architecture outlined bellow, and communication needs to be established between the machines on the network 10.1.2.0/24 via FW 1 (Palo alto) and FW2 (fortigate). Any suggestions or insights on how to achieve this would be highly valued.
Thank you.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I've used a separate network for [similar to] this in the past, subnetted with 255.255.255.252 so that only two hosts are allowed on the link. Not sure if it was the best way, but it worked https://tutuapp.uno/ .
Hi Hamza
At both firewall levels, you need either transparent VDOM or virtual wire pair.
It is available with FG and I guess PAN can do it as well.
https://docs.fortinet.com/document/fortigate/7.4.0/ips-architecture-guide/748610/transparent-mode
https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/166804/virtual-wire-pair
Hello @AEK ,
the first is a FortiGate firewall in NAT mode, while the second firewall is a Palo Alto. Unfortunately, I lack the capability to transition to a transparent mode.
You don't need to convert the whole firewall to transparent mode, you can just create a transparent VDOM for that.
But the best solution I think is to correct your network to avoid this situation of having same subnet twice.
I did this after I bought a firewall for a client and they didn’t inform me they’ve also been working with another local IT guy and I found a newer firewall placed in a mechanical room I didn’t know existed. My firewall now is their VPN concentrator, so at least it makes it easy for me to manage their VPN and NAS.
hello @talrejakit ,
Could you provide a diagram to facilitate better understanding?
Hi @Hamza_derbali,
So you have 2 physical ports, one connected to the switch and one connected to 10.1.2.2. It is possible to put both ports in the same hardware switch and they will be in the same subnet.
Regards,
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1665 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.