Hello to all Cybersecurity enthusiasts,
I would like to get some best practices and advice for my next project.
At one location we have done barely any segmentation since the last IT Manager, so it's time to make it more secure and better.
Current Situation is like this:
What would be a general recommendation?
I would like to segment it a bit more and create separate VLANs for Printers, VoIP, IoT, Backup Network etc.
Our Infrastructure is as follows:
2 x FortiGate 200F in an HA Cluster (Active/Passive)
2 x Core FortiSwitches in an MC-LAG
3 x Access FortiSwitches
I'm new to this forum.
I'm NSE4 certified.
Hello Infotech22,
You can add additional VLANs on the interfaces in order to segment your network.
Please review the following article:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-create-a-VLAN-tagged-interface-802-...
- Then firewall policies should be created to allow traffic from the switch interface to the interface or the VLAN it needs to reach. NAT should be enabled where it is needed.
-BR-
Yes, that would be a smart approach
I have time to plan so baby steps for now :)
One more question for all of you :)
If I have VLANs with different subnets,
Examples:
Our Forti Infrastructure is MCLAG, does this mean that traffic from clients to printers will go first to the FortiGate and then back to the FortiSwitches, since this is routing between subnets?
Hello,
As far as the SW are managed by the FGT, it is the FGT that will manage the traffic and routing part.
If you run a sniffer or PCAP on the FGT GUI, you will see how the traffic is going on the FGT.
-BR-
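The setup discussed in the replies above, as an added FortiOS CLI example that is not from any of the posts: two VLAN interfaces on the FortiLink interface and one policy that lets clients reach printers on print ports only, so inter-VLAN traffic is routed and filtered on the FortiGate. The interface names, VLAN IDs, subnets, the printer host address, the FortiLink interface name `fortilink` and the choice of print ports are all assumptions.

```fortios
# Added example. All names, VLAN IDs, subnets and ports are assumed values.
config system interface
    edit "vl20_clients"
        set vdom "root"
        set ip 10.10.20.1 255.255.255.0
        set interface "fortilink"
        set vlanid 20
    next
    edit "vl30_printers"
        set vdom "root"
        set ip 10.10.30.1 255.255.255.0
        set interface "fortilink"
        set vlanid 30
    next
end
config firewall address
    edit "net_clients"
        set subnet 10.10.20.0 255.255.255.0
    next
    edit "net_printers"
        set subnet 10.10.30.0 255.255.255.0
    next
end
config firewall service custom
    edit "PRINT-RAW-9100"
        set tcp-portrange 9100
    next
    edit "PRINT-IPP-631"
        set tcp-portrange 631
    next
end
config firewall policy
    edit 0
        set name "clients-to-printers"
        set srcintf "vl20_clients"
        set dstintf "vl30_printers"
        set srcaddr "net_clients"
        set dstaddr "net_printers"
        set action accept
        set schedule "always"
        set service "PRINT-RAW-9100" "PRINT-IPP-631"
        set logtraffic all
    next
end
# Confirm that client-to-printer traffic crosses the FortiGate
# (verbosity 4 prints the ingress/egress interface for each packet):
# diagnose sniffer packet any 'host 10.10.30.50 and port 9100' 4 20
```

No NAT is set on the policy because both VLANs are internal routed subnets; anything not matched by a policy between the two VLAN interfaces is dropped by the implicit deny.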