Created on 02-25-2016 01:19 PM
I have a question about design and configuration.
I explain it below, as I put it in the diagram.
I have 2 Fortinets in high availability with 2 IPs, one inside and one outside:
Outside -> 18.104.22.168/30
Inside -> 192.168.1.1/24
Now I have the L3 switch as follows:
- Four VLANs
VLAN 1 -> 172.16.0.0/24, L3 switch interface 172.16.0.1/24
VLAN 2 -> 172.17.0.0/24, L3 switch interface 172.17.0.1/24
VLAN 3 -> 172.18.0.0/24, L3 switch interface 172.18.0.1/24
VLAN 4 -> 192.168.1.0/24, L3 switch interface 192.168.1.2/24 (to the Fortinet)
I have in the L3 switch a route 0.0.0.0 0.0.0.0 192.168.1.1
I have the following question: how do I make my Fortinet communicate with the VLANs? Do I create subinterfaces?
- I want to use the explicit proxy, authenticated with Active Directory, which is in VLAN 2. A site-to-site should go only to VLAN 3.
Thanks for the help.
Created on 02-28-2016 11:44 PM
Do you mean that you want to terminate the vlan on your Fortigate?
Under Interfaces you'll create a new interface and choose VLAN and the port connected to your switch.
Don't forget to configure a Trunk port on the switch going to your fortigate.
I'm not sure if I understand your design. Is it an Access - Core design with the FWs as gateway to the Internet? If you want to run the L3 capability of the switch at the second layer of your topology, you need to terminate all VLANs there in an L3 manner. You can't use the 172.16.0.0/24 address, for example, on the interface, since it's a network IP.
You need to run L3 - L3 routing between the FortiGate and the second layer of your design.
Would it be possible to attach the design in a drawing (and does it make sense): the whole management of the VLANs with the Fortinet? Or is it also necessary in the design to manage the internal network with the L3 switch and Internet access with the Fortinet?
I accept recommendations for the best possible design.
Thanks for answering,
So in the layer 3 switch I should not do routing? I'm a little lost with this design they have given me.
You don't have to do routing in the L3 Switch if you don't want to.
If you place the IP addresses on the VLAN interfaces on the FortiGate, then the FortiGate will handle the routing.
You'll just have to create the policies.
If you do the routing in the L3 switch, you have to use ACLs to limit the traffic between the subnets.
If you prefer the L3 switch being the router, you'll just create static routes in the FortiGate pointing to 192.168.1.2.
What default gateway do your clients have?
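The reply above leaves the original poster with two designs: terminate the VLANs on the FortiGate (it routes and its policies control inter-VLAN traffic), or let the L3 switch route and give the FortiGate static routes via 192.168.1.2, in which case inter-VLAN traffic never crosses the firewall and switch ACLs have to do that job. The script below is an added example, not posted by anyone in this thread: it takes the VLAN table from the first post, checks the addressing point raised earlier (a `.0` address such as 172.16.0.0/24 is a network address, not a usable interface address), and lists the static routes the FortiGate would need in the switch-routes design. The FortiOS port name `"internal"` in the rendered config is an assumed placeholder; the real port name depends on the unit.

```python
"""Addressing check and FortiGate static-route list for the two designs
discussed in the thread. Constructed example; VLAN data is taken from the
first post, the FortiGate port name is a placeholder."""
from ipaddress import ip_interface, ip_network

# VLAN table from the thread: (VLAN id, subnet, L3 switch SVI address).
# VLAN 4 is the transit subnet between the switch and the FortiGate.
VLANS = [
    (1, "172.16.0.0/24", "172.16.0.1/24"),
    (2, "172.17.0.0/24", "172.17.0.1/24"),
    (3, "172.18.0.0/24", "172.18.0.1/24"),
    (4, "192.168.1.0/24", "192.168.1.2/24"),
]
FORTIGATE_INSIDE = "192.168.1.1/24"   # FortiGate inside address from the thread
FORTIGATE_PORT = "internal"           # assumed placeholder port name


def check_interface_address(addr):
    """Return a problem string, or None if addr is a usable host address.

    This is the point made in the thread: x.x.x.0/24 is the network
    address and x.x.x.255/24 the broadcast; neither can be an interface IP.
    """
    iface = ip_interface(addr)
    net = iface.network
    if net.prefixlen >= 31:
        return None  # /31 and /32 reserve no addresses
    if iface.ip == net.network_address:
        return f"{addr} is the network address of {net}"
    if iface.ip == net.broadcast_address:
        return f"{addr} is the broadcast address of {net}"
    return None


def validate_design(vlans, fortigate_inside):
    """Collect addressing problems: unusable SVI addresses, SVIs outside
    their subnet, overlapping subnets, and a FortiGate inside address that
    is on none of the VLAN subnets (so no transit link exists)."""
    problems, nets = [], []
    for vid, subnet, svi in vlans:
        net = ip_network(subnet)
        bad = check_interface_address(svi)
        if bad:
            problems.append(f"VLAN {vid}: {bad}")
        if ip_interface(svi).ip not in net:
            problems.append(f"VLAN {vid}: SVI {svi} is outside {subnet}")
        for other_vid, other in nets:
            if net.overlaps(other):
                problems.append(f"VLAN {vid} overlaps VLAN {other_vid}")
        nets.append((vid, net))
    fg = ip_interface(fortigate_inside).ip
    if not any(fg in net for _, net in nets):
        problems.append(f"FortiGate inside {fortigate_inside} is on no VLAN subnet")
    return problems


def fortigate_static_routes(vlans, fortigate_inside):
    """Routes the FortiGate needs when the L3 switch does inter-VLAN routing.

    The transit VLAN (the one containing the FortiGate inside address) is
    directly connected and needs no route; every other VLAN subnet is
    reached via the switch SVI on the transit VLAN (192.168.1.2 here).
    Returns (destination subnet, next hop) pairs.
    """
    fg = ip_interface(fortigate_inside).ip
    transit = [ip_interface(svi) for _, s, svi in vlans if fg in ip_network(s)]
    if len(transit) != 1:
        raise ValueError("FortiGate inside address must sit on exactly one VLAN")
    next_hop = str(transit[0].ip)
    return [(s, next_hop) for _, s, _ in vlans if fg not in ip_network(s)]


def render_fortios_static_routes(routes, device):
    """Render the route list in FortiOS CLI form (one 'edit' per route)."""
    lines = ["config router static"]
    for seq, (dst, gw) in enumerate(routes, start=1):
        net = ip_network(dst)
        lines += [f"    edit {seq}",
                  f"        set dst {net.network_address} {net.netmask}",
                  f"        set gateway {gw}",
                  f'        set device "{device}"',
                  "    next"]
    lines.append("end")
    return "\n".join(lines)


if __name__ == "__main__":
    for p in validate_design(VLANS, FORTIGATE_INSIDE) or ["addressing is consistent"]:
        print(p)
    print(render_fortios_static_routes(
        fortigate_static_routes(VLANS, FORTIGATE_INSIDE), FORTIGATE_PORT))
```

Run as-is it reports the posted addressing as consistent and prints three routes (VLANs 1 to 3 via 192.168.1.2); swap an SVI for its `.0` address and the validator flags it. Whichever design is chosen, the routes and the policy or ACL set must agree: with the switch routing, a FortiGate policy between two VLAN subnets is never evaluated, so the restriction has to live in the switch ACLs.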
In order to make the firewall communicate with the VLANs, you need first to set up routing between the firewall and the VLANs and also make sure that there is inter-VLAN routing between the 4 VLANs. I do believe that after implementing these, the firewall will communicate with all VLANs as well.