Hi,
I want to create one DMZ with 2 VLANs on a FortiGate 600D unit; is it possible? Or what's the best way to do it with 2 servers (mail server and database server)?
Thanks
You can create VLANs in DMZ, why do you want to use vlan there?
Is it real dmz, what subnet do you have?
Fortigate <3
Yep, because this DMZ will contain a load balancer (with an SSL certificate site) in one VLAN and the application, database server in the other VLAN.
Any internet user can access this application server via the load balancer (with an SSL certificate) through the firewall DMZ.
To answer your question, I'll say subnet x.x.252.0/25 and x.x.252.128/25 for the 2 VLANs on the FortiGate, and x.x.100.1 as the WAN (internet) address.
thx
ok, if you just want to put them in vlan you can create in: Network - interfaces - Create NEW: interface
Fortigate <3
Sorry, I don't follow you, what are the steps?
1- create a new interface dmz
2- create 2 VLANs using one physical interface in the dmz
What will be the external interface address of each VLAN? Knowing each VLAN has a subinterface address.
3- create VIP and mapping??
thx
1-2) If you want vlans you create them on the physical interface you want.
- The external interface is the physical interface that you chose.
- Then you have 2 sub interface inside of your physical interface.
3) Yes, if this is the way you want to do it.
- What is your network setup after the physical interface? Do you terminate direct to a VM server/switch?
Fortigate <3
ok thanks again
My architecture is this:
1- internet connected to the firewall with HTTPS port 443
2- the firewall has 2 DMZs (1 DMZ manages packets from govt, and the other DMZ I want to create is for the web server (vlan_100) and the application server)
3- the firewall is connected to a Cisco distribution switch in which there are some VLANs too.
4- after that, the switch is connected to a Cisco router.
thx
Ok, if I understand you correctly:
1) Set up your VLANs on your DMZ interface and tag them from the switch to the server/router.
2) Set up policies and VIP it to your VLAN.
Fortigate <3
Copyright 2024 Fortinet, Inc. All Rights Reserved.