dmz Migration

sims · ‎09-09-2022

Hi

I have the below topology , I want to migrate all dmz and dc networks to site 2 .

In the site 1 there are two firewalls ASA and FORTIGATE .The perimeter firewall is asa . The Dmz network is 172.16.12.0/24 on ASA and in the FG it is 172.16.10.0/24 . There is A DMZ vdom in fortigate .

currently SITE 1 FG is Translating 172.16.12.0 /24 to 172.16.10.0/24 (Dmz serverIP'S)

Stage 1 : I want to move DMZ vdom from the SITE 1 -FG to and site -2 FG

Stage 2 : Remove ASA

How can I achieve this , any pros and cons

Thanks

rosatechnocrat · ‎09-10-2022

You have to share more details on the design to tell you more

1> IP addressing scheme/ VLAN details.

2> Are the same VLAN's are already available in Site2 , as from the diagram it seems you can have same vlans extended being connected in same cores.

3> You can plan to migrate based on vlans/subnets, By configuring a new gateway/interface IP on Fortigate and then changing the routes.

Rosa Technocrat --

Also on YouTube---

Please do Subscribe

sims · ‎09-10-2022

Hi @rosatechnocrat

site1 the actual dmz ip which is natted with the external ip addresses are 172.16.12.0/24

on fortigate it is 172.16.10.0/24 , so I am translating (one to one ) 172.16.12.0/24 to 172.16.10.0/24

For example on ASA , 172.16.12.50 natted to 1.1.1.1

and on fortigate it is nated again to 172.16.10.50

Between site 1 and 2 are l3 connectivity .

dmz Migration

Nominate a Forum Post for Knowledge Article Creation