Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ULL1903
New Contributor

Created on ‎12-29-2024 08:35 PM

SECURITY

Hello community, I am thinking about implementing a FortiGate device in my network. However, due to the topology of the network, I have questioned whether or not to replace my Core Router directly with a FortiGate. What has been your experience? Regards.

Labels:
941
0 Kudos
11 REPLIES 11
xeniacanary
New Contributor

Created on ‎12-29-2024 10:37 PM

Replacing your core router with a FortiGate device depends on your network needs. While FortiGate offers robust security features like firewall protection, VPN, and intrusion prevention, core routers handle routing protocols and large-scale traffic. I recommend using FortiGate as a security appliance alongside your core router rather than replacing it entirely, as core routers are optimized for routing functions that FortiGate may not fully support. This approach ensures both strong security and efficient network routing.

716
0 Kudos
dingjerry_FTNT
Staff
Staff

Created on ‎12-29-2024 10:40 PM

Hi @ULL1903 ,

 

Without a network topology diagram, it's really hard to provide you with any recommendations.

 

However, you may use the Core Router as the Gateway for the FortiGate device.

Regards,

Jerry
712
ULL1903
New Contributor
In response to dingjerry_FTNT

Created on ‎12-30-2024 10:33 AM

Hi dingjerry_FTNT This is a simplified example of how the topology is. Based on the primary need to shield the network from external threats, I was thinking about the implementation between the CCR and Core teams.
 
Your paragraph text.jpg
613
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to ULL1903

Created on ‎12-30-2024 10:46 AM Edited on ‎12-30-2024 10:46 AM

The simplest is to just replace the core router with the FGT because the diagram doesn't suggest it's handling multiple routing protocols currently.

Toshi

606
Rajneesh
Staff
Staff

Created on ‎12-29-2024 11:03 PM

Hello @ULL1903 

Following points need to checked:

1. Make sure the device supports the protocols which are running on your existing device.

2. Firewall policies needs to be correctly applied, else it will break the communicationn.

3. Device hardware capability.

4. Network topology as mentioned by the other members, it plays the important role

688
Yurisk
SuperUser
SuperUser

Created on ‎12-30-2024 01:17 AM

What is the current vendor and model of your Core router ?

Yuri Slobodyanyuk
Yuri Slobodyanyuk
663
0 Kudos
ULL1903
New Contributor
In response to Yurisk

Created on ‎12-30-2024 04:44 PM

MK CCR2116-12G-4S+

548
0 Kudos
Cajuntank
Contributor II

Created on ‎12-30-2024 08:35 AM

As others have asked, your topology and requirements would allow for a more complete answer, but for sake of just adding some further insight, using myself as an example, I use a FortiGate solution as my core router at my data center for specific subnets I want to perform security inspection on. So while my Aruba CX equipment does L3 routing for some network subnets from my WAN sites, my FortiGate does L3 routing and security inspection for those subnets at my datacenter I want that added level of protection on.

624
0 Kudos
ULL1903
New Contributor
In response to Cajuntank

Created on ‎12-30-2024 10:34 AM

Hi Cajuntank, This is a simplified example of how the topology is. Based on the primary need to shield the network from external threats, I was thinking about the implementation between the CCR and Core teams. Your paragraph text.png
 
 
 
611
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.