Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
TheLordOfTheShells
New Contributor

Created on ‎12-31-2018 05:36 PM

[Question]Best way to setup Fortigate between Cisco Switch & Cisco Router.

Dear All,

I just bought a new fortigate firewall and want to intergrate with our old system has allready run. I'm quite new with fortigate so hope you guys will help for the best way to settup. For a brief overview.

1) 4321 cisco router connect to ISP 2) 3850 cisco switch has several Vlans and intervlan routing also being run on its. 3) 3850 Switch's default route will point to 4321 cisco router.

So now the question is if we need to install fortigate as firewall between cisco router and Sw Core how we can simply the config to the best way. We change the Topo and Ip to meet the best configuration so do not care much about the topo now.

 

ToPo.PNG
Preview file
21 KB
39478
0 Kudos
12 REPLIES 12
TheLordOfTheShells
New Contributor
In response to rwpatterson

Created on ‎01-04-2019 06:59 AM

rwpatterson wrote:

If you don't have the VLANs trunked between the switch and the Fortigate, how will the Fortigate police traffic? Is it in transparent mode?

Hi rwpatterson

Firewall Fortigate acts like a router, on that I run static route, see the picture attached bellow.

I can  not find any wrong here with static route.

Regards

 

StaticRoute.PNG
Preview file
20 KB
3494
0 Kudos
rwpatterson
Valued Contributor III
In response to TheLordOfTheShells

Created on ‎01-04-2019 09:02 AM

Because management wants to leave the Cisco router in place, your job is going to compounded. All traffic that needs to see your LAN will first have to be passed through the Cisco to the Fortigate, then the Fortigate will have to have policies in place as well. This is silly. The only thing the Cisco is adding is a layer of complexity (and possibly vulnerabilities if not patched as well). Every time you need to add a virtual IP for a server, you are going to have to place it on the Cisco, then map it to an IP on the Fortigate. Waste of time and resources. If you get paid by the hour, have a party. I'm salaried and have better ways to spend my work day.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
3494
0 Kudos
alexpb
New Contributor
In response to TheLordOfTheShells

Created on ‎01-20-2020 12:34 AM

Hi, I have a similar topology as TheLordOfTheShells. You could not show how the connection between cisco swith fortigate and cisco router is configured as an example of configuration files. I will be very grateful

 

 

 

3494
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.