Normally, when we come into a new environment, we roll out a FortiGate in transparent mode (between the client's switch and the router): Port 1 to switch and wan1 to router. This works wonderfully and allows us to perform layer 7 and traffic inspection with ease.
We, however, have a new client that has 2 Cisco switches stacked with Cisco stack cables / modules (basically makes the dual 48-port switches look like 1 96-port switch), and then they use the 2 SFP ports on the top switch to connect to the upstream provider router. I believe there are also some VLANs in the works as well for VoIP etc.
My question is this: can I place a FortiGate in between the stacked switches and the upstream router in this situation via transparent mode and have it work?
My thought-up design would be as follows:
SFP1 and SFP2 on the Cisco switch to SFP1 and SFP2 on the FortiGate. (These SFP ports would be combined in a software switch titled Inside.)
SFP3 and SFP4 on the FortiGate connect to the fiber strands that lead to the upstream router. (These SFP ports would be combined in a software switch titled Outside.)
Would this setup work, even if I'm not sure of the underlying VLANs etc.?
In my head this makes the most sense because then I can just make Inside to Outside and vice versa policies to keep things simple.
I may be missing something though.
Mike Pruett
That should work fine. Are the 2 top SFPs (to the upstream router) bonded?
PCNSE
NSE
StrongSwan
It will be. Two to the router bonded as a soft switch titled Outside. Two to the switch bonded via soft switch as Inside. That's the plan. Not sure if the upstream router will like it or not. Might have to leave it unbonded on the FortiGate and have two policy sets. My main worry is it not working because of the unknown VLANs that are running. We are being added by the client as additional support. Primary support isn't fond of us, so they tend to keep some things secret.
Mike Pruett