Hi everybody. I am new to the forum but I have run into a brick wall and would like to see some advice regarding a soution that I am working on.
My customer has a HA fortigate pair - another vendor Core switching - another vendor access switches.
They have requested that Fortswitches replace their access layer switches.
So the new solution wil have fortigates - another vendor core switch - FortSwitch access switches.
So, If I connect the fortswitches to Fortigate using the normal configuration methods, the FortiLink will be the default route for the traffic.
I do not want this. I want the core switches to be the default gateway for the traffic.
Can I create a route towards the core switches or do I have to consider Fortilink over L3 deign.
Thank you in advance for your time.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Created on 03-13-2022 07:19 PM Edited on 03-14-2022 01:58 AM
Hello fortime,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Fortinet Community Team
Hi RJ - Thank you for your response.
This approach is not documented so much. I think the approach should be either to use fortilink over Layer 3 for management only and then I can route traffic towards the core switch or else to use the switches in standalone mode.
I look forward to your feedback.
Hi Fortime,
I hope this is what you are trying to achieve. FSW managed over L3.
Once managed the L3 FSW will automatically create Fortilink trunk connecting to uplink network.
Then you can create vlan on FGT and map them to L3 FSW. However these vlan are local to the network. As seen in the above scenario the vlan 20 vlan 30 can be created under Fortigate fortilink interface and map to the FSW port. But the same vlan need to be available locally (as in Network 2) as gateway for those vlans. The FSW will forward traffic locally as in the scenario L3 router vlans.
the Router will have to manage the vlan taffic from L3 FSW to destination as intended.
These vlan traffic will not reach Fortilink via capwap.
Regard,
Ritesh P V
As a follow up question to this same topic Fortilink over L3 topic. Is there some way to allow the use of the capwap tunnel to traverse traffic from the vlan 20/30 in the example? So that the Fortigate becomes the layer 3 gateway of those vlans?
No.
The vlan config can be pushed from FGT to managed FSW but that vlan is local to the network and FGT cannot be gateway for these vlans.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1665 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.