MikePruett
Valued Contributor

Transparent Mode Via FIBER with VLANS

Normally, when we come into a new environment we roll out a FortiGate in transparent mode (between the client's switch and the router), port 1 to switch and wan1 to router. This works wonderfully and allows us to perform layer 7 and traffic inspection with ease.

 

We, however, have a new client that has 2 Cisco switches stacked with Cisco stack cables / modules (basically makes the dual 48 port switches look like 1 96 port switch) and then they use the 2 SFP ports on the top switch to connect to the upstream provider router. I believe there are also some VLANs in the works as well for VoIP etc.

 

My question is this: can I place a FortiGate in between the stacked switches and the upstream router in this situation via transparent mode and have it work?

 

My thought-up design would be as follows:

 

SFP1 and SFP2 on the Cisco switch to SFP1 and SFP2 on the FortiGate. (These SFP ports would be combined in a software switch titled Inside.)

 

SFP3 and SFP4 on the FortiGate connect to the fiber strands that lead to the upstream router. (These SFP ports would be combined in a software switch titled Outside.)

 

Would this setup work, even if I'm not sure of underlying VLANs etc.?

 

In my head this makes the most sense because then I can just make Inside to Outside and vice versa policies to keep things simple.

 

I may be missing something though.

Mike Pruett Fortinet GURU | Fortinet Training Videos
2 REPLIES
emnoc
Esteemed Contributor III

 

That should work fine. Are the 2 top SFPs (to upstream router) bonded?

PCNSE NSE StrongSwan
MikePruett
Valued Contributor

It will be. Two to the router bonded as a soft switch titled Outside. Two to the switch bonded via soft switch as Inside. That's the plan. Not sure if the upstream router will like it or not. Might have to leave it unbonded on the FortiGate and have two policy sets. My main worry is it not working because of the unknown VLANs that are running. We are being added by the client as additional support. Primary support isn't fond of us so they tend to keep some things secret.

Mike Pruett Fortinet GURU | Fortinet Training Videos