Normally, when we come into a new environment, we roll out a FortiGate in transparent mode (between the client's switch and the router), port 1 to switch and wan1 to router. This works wonderfully and allows us to perform layer 7 and traffic inspection with ease.
We, however, have a new client that has 2 Cisco switches stacked with Cisco stack cables / modules (basically makes the dual 48 port switches look like 1 96 port switch), and then they use the 2 SFP ports on the top switch to connect to the upstream provider router. I believe there are also some VLANs in the works as well for VoIP etc.
My question is this: can I place a FortiGate in between the stacked switches and the upstream router in this situation via transparent mode and have it work?
My thought-up design would be as follows:
SFP1 and SFP2 on Cisco switch to SFP1 and SFP2 on FortiGate. (These SFP ports would be combined in a software switch titled Inside.)
SFP3 and SFP4 on the FortiGate connect to the fiber strands that lead to the upstream router. (These SFP ports would be combined in a software switch titled Outside.)
Would this setup work, even if I'm not sure of underlying VLANs etc.?
In my head this makes the most sense because then I can just make Inside to Outside and vice versa policies to keep things simple.
It will be. Two to the router bonded as a soft switch titled outside. Two to the switch bonded via soft switch as inside.
That's the plan. Not sure if the upstream router will like it or not. Might have to leave it unbonded on the FortiGate and have two policy sets.
My main worry is it not working because of the unknown VLANs that are running.
We are being added by the client as additional support. Primary support isn't fond of us so they tend to keep some things secret.