Hi all,
Our current setup is an FG 80f acting as a firewall and NAT device, with a Layer3 switch acting as a router for the office network and intervlan routing.
We would like to replace the current layer3 switch with 2 switches from the Forti ecosystem that can act as redundant routers.
Requirements are as follows:
L3 switch handles intervlan routing
L3 switch acts as a router for private networks
L3 switch/es supports HSRP or VRRP
FG80f handles NAT and traffic inspection
Switch and future Forti AP-s are managed via FG80f
So basically I want central management for Forti network devices, and L3 traffic between private networks to be handled on switches which are a redundant gateway for client network devices.
Is that feasible?
Regards,
Drazen
Hi Sego
Starting in FortiOS 7.4.1 with FortiSwitchOS 7.4.1, managed FortiSwitch units can perform inter-VLAN routing.
https://docs.fortinet.com/document/fortigate/7.4.0/new-features/369021/support-inter-vlan-routing-by...
However I didn't test it and didn't read enough about it so I can't tell under which conditions it will work, i.e.: if it requires extra license or if it works for specific cases.
Also you may refer to FSW feature matrix to see which models support VRRP and inter-VLAN routing.
Hope it helps.
Hi,
Some FortiSwitch models support MCLAG, enabling switch-level failover. By creating all VLANs on the FortiSwitch and establishing a default route to the FortiGate-connected interface, you can efficiently redirect internet traffic.
Please check the link below.
Hi Aek,
So....
The good thing is that interVLAN traffic no longer needs to pass through the FG, but the bad news is that I must pay extra for that, and also bad: VRRP and the rest of the L3 goodies are available only in standalone mode.
So, my setup could/would look like this:
1 FG 80f in the role of firewall, NAT, L3 router, VLAN termination, with A and B ports connected to 2 FortiSwitches configured in MCLAG; interVLAN routing is supported on FortiSwitch 1024D and above with the advanced feature license.
Opinions are welcome, please...
PS I forgot to mention that 10G from switch server load is a highly welcome feature.
Hi Sego
Besides, here I notice that you are using entry level FG with big sized FortiSwitches (1024D is data center series). I'm not saying it is wrong but for me such combination is absolutely not common.
Except if it is for servers working together with very high load and connecting to internet with average bandwidth, then that would probably make sense.
Hi and sorry for the late answer, I was on free days....
Yes, I'm aware of that, but since these switches are the first to have that feature there is no other option. I do believe that after some time replacing the FG with a stronger model is not going to be a problematic one...
Regards,
Drazen
Probably you can't test & confirm whether it can be done exactly as you want until you get the FSWs. But keep in mind that at that time there is an option to make the FSWs work in "standalone" mode so that you can keep the brain completely separated from your FG80F's for both L2 and L3 handling, just like you're doing with your current switches.
Toshi