Hey guys,
I'm hoping someone can help me. I have recently replaced unmagged switches with a Cisco 3650 switch and setup inter-vlan routing. I have created 4 vlans to segregate the network (vlan10 management, vlan20 servers, vlan30 end user device, vlan40 WiFi AP).
I have connected the fortigate (v5.4.5,build6225) to the switch (trunk port) and created the vlans on the fortigate interface connected to the switch. I have setup a default route on the switch to point traffic to the FW (IP in vlan10). the switch can ping all vlan interfaces on the FW but an end user device can't ping the FW. A work around to was enable Asymmetric routing but I understand this to be a test not a workaround.
As all traffic from the switch is going over vlan10 I have created the neccesary ipv4 policys to allow this traffic.
Can anyone shed some light where I am going wrong please? Attached is the topology.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
ede_pfau wrote:That's how it was setup originally but i had reverse path check issues. So asymmetric routing was enabled as a work around.yep, but halfways only...where are the VLANs on the switch? Why don't you declare the switchport which connects to the FGT as a VLAN trunk and run all 4 VLANs over it?
As did in FGT 300C & cisco3650, I didn't use any extra routing. I made ipv4 policies to allow access the users to another vlans.
It is working since 3 years.
Anurag Goyal
anurag wrote:Can you see any issues with the way I setup mine? I have 1 ipv4 policy instead of multiple if I have the VLANs configured on the FGT.As did in FGT 300C & cisco3650, I didn't use any extra routing. I made ipv4 policies to allow access the users to another vlans.
It is working since 3 years.
which is the default gateway for the devices L3 Switch or FG? if L3 then why you have subif on the FG If just create policies for the intervlan communication or a zone
Default gatway for L3 is FG, and yes it for inter vlan communication.
Anurag Goyal
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1713 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.