Hi team,
Really a big headache here.
We are delivering desktops to users using Microsoft SCCM + Autopilot. During the Autopilot task sequences, it is very likely to give the error "Oops, you've lost internet connection", though I can call CMD to ping the Internet and the ping works.
To eliminate our LAN infrastructure, I created a VLAN-type interface on the FortiGate firewall and trunked the VLAN to our core switch, then trunked it to the access switch. Also, I set up a DHCP server under that VLAN-type interface so it can assign IP addresses to the desktop during enrollment. So the topology is like:
ISP <-> FortiGate <-> Core switch <-> Access switch.
The VLAN-type interface on the FW is the gateway of the VLAN for Autopilot enrollment.
Also, to get rid of any firewall policy impact on the traffic, I created a policy accepting everything from that VLAN subnet, applied no security profile to it, and I do see the traffic from that VLAN hit the policy as expected.
The VLAN interface configuration in the GUI is basically as below. One thing I am not sure about is the NTP and timezone: if I leave them blank, will they follow the FW's date and time? If I manually change them, will the change impact something?
And here is the FW basic information.
To compare, we tried using physical port 1 directly from the FW, connecting the laptop to the physical port, and the Autopilot task sequence runs very well, and I actually put the physical port and the VLAN-type interface in the same firewall policy.
Can anyone give any suggestions?
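For reference, the setup described in the post above (VLAN interface on the FortiGate, a DHCP server bound to it, and a permissive outbound policy with logging so hits can be checked in FortiAnalyzer) expressed as FortiOS CLI. This is an added illustration, not the poster's configuration; the interface name, VLAN ID, addresses and the "wan1" uplink are assumed placeholders.

```fortios
# Assumed: VLAN 100 tagged on port1, gateway 10.10.10.1/24 (placeholder values)
config system interface
    edit "autopilot-vlan"
        set vdom "root"
        set ip 10.10.10.1 255.255.255.0
        set allowaccess ping
        set role lan
        set interface "port1"
        set vlanid 100
    next
end

# DHCP scope for enrolling desktops. ntp-service/timezone-option set to
# "default" so clients are handed the FortiGate's own NTP servers and timezone
# (assumed mapping of the blank GUI fields the post asks about).
config system dhcp server
    edit 1
        set dns-service default
        set default-gateway 10.10.10.1
        set netmask 255.255.255.0
        set interface "autopilot-vlan"
        config ip-range
            edit 1
                set start-ip 10.10.10.10
                set end-ip 10.10.10.200
            next
        end
        set ntp-service default
        set timezone-option default
    next
end

# Permissive outbound policy with no security profiles, logging all sessions
# so the allow/deny decision per flow is visible in the traffic logs.
config firewall policy
    edit 0
        set name "autopilot-enroll-out"
        set srcintf "autopilot-vlan"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set nat enable
    next
end
```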
Hi @sean3,
So if you connect directly from physical interface and policy without any security profiles, it is working but if with vlan and switch it is not working even without security profile?
Exactly. But the traffic from the switch hits the same policy as the traffic directly from the physical port on the FW, and there is no drop as I checked the traffic logs from FortiAnalyzer.