I am trying to use a FortiGate 60F to segregate my OT network, so SCADA from ICS. I already have switches in place, so I am trying to use what is there. Currently testing on the bench, with 2 managed switches connected to the FGT; each switch represents one VLAN, as below:
VLAN 10 - 10.1.0.0/24
VLAN 11 - 10.1.1.0/24
I have assigned physical interfaces (left at 0.0.0.0/0) to VLAN switches (as above).
Alternatively assigned VLAN interfaces to the physical interfaces (0.0.0.0/0 again).
Both with bidirectional firewall policies.
Using VLAN switches, which was the best result, I can link to one switch, and get to the FGT but not to a device or other switch in the other VLAN; the FGT can ping devices on either VLAN. What am I missing? Thanks.
Which interfaces did you put in the ICS Zone and the SCADA Zone? Can you share a screenshot of those interfaces' config?
On the other hand (but not related to your issue) I don't think it is a good idea to NAT the traffic, unless you have a good reason.
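Since the thread stops at the request for screenshots, here is an added reference configuration (not the poster's or Fortinet's own) for the 802.1Q approach the poster also tried: one VLAN interface per physical port, each carrying a gateway address for its subnet, and one routed policy per direction without NAT, as the reply recommends. The port names internal1/internal2, the interface names and the .1 gateway addresses are assumptions; the switch uplink must tag VLAN 10 or 11 towards the FortiGate, and hosts must use the FortiGate VLAN address as their default gateway.

```fortios
# Added reference config; ports internal1/internal2 and the .1 gateways are assumptions.
# Each physical port stays at 0.0.0.0/0 and carries its VLAN as 802.1Q-tagged frames.
config system interface
    edit "vlan10-scada"
        set vdom "root"
        # parent port carrying VLAN 10 tagged; the port itself keeps no address
        set interface "internal1"
        set vlanid 10
        # gateway for 10.1.0.0/24
        set ip 10.1.0.1 255.255.255.0
        # no management access from the OT segments, ping only for troubleshooting
        set allowaccess ping
    next
    edit "vlan11-ics"
        set vdom "root"
        set interface "internal2"
        set vlanid 11
        # gateway for 10.1.1.0/24
        set ip 10.1.1.1 255.255.255.0
        set allowaccess ping
    next
end
# One explicit policy per direction, routed without NAT so that OT hosts
# keep their real addresses in logs and on the far side.
config firewall policy
    edit 10
        set name "scada-to-ics"
        set srcintf "vlan10-scada"
        set dstintf "vlan11-ics"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        # tighten to the protocols the OT hosts actually need
        set service "ALL"
        set nat disable
    next
    edit 11
        set name "ics-to-scada"
        set srcintf "vlan11-ics"
        set dstintf "vlan10-scada"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
    next
end
```

If hosts can reach the FortiGate but not each other across VLANs, the two things to check against this layout are the hosts' default gateway (it must be the FortiGate VLAN address, not the switch) and that the switch uplink port actually tags the VLAN ID the FortiGate interface expects.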
Copyright 2024 Fortinet, Inc. All Rights Reserved.