Fortinet Forum
amateolo
New Contributor

Routing between Fortinet D100 and Switch L3

Hi Experts,

I have a question about design and configuration.

Explained below, as I put it in the diagram.

I have 2 Fortinets in high availability with 2 IPs, one inside and one outside:

Outside -> 1.1.1.1/30

Inside -> 192.168.1.1/24

Now I have the L3 switch as follows:

- Four VLANs

VLAN 1 -> 172.16.0.0/24 and 172.16.0.1/24 interface L3 Switch

VLAN 2 -> 172.17.0.0/24 and 172.17.0.1/24 interface L3 Switch

VLAN 3 -> L3 Switch interface 172.18.0.0/24 and 172.18.0.1/24

VLAN 4 -> 192.168.1.0/24 and 192.168.1.2/24 L3 Switch interface (to fortinet)

In the L3 switch I have a route 0.0.0.0 0.0.0.0 192.168.1.1

I have the following question: how do I make my Fortinet communicate with the VLANs? Do I create subinterfaces?

- I want to use explicit proxy, but authenticated with Active Directory, which is in VLAN 2 - A site-to-site to go only to VLAN 3

Thanks for the help.

Nils
Contributor II

Hi,

Do you mean that you want to terminate the VLANs on your FortiGate?

Under Interfaces you'll create a new interface, choose VLAN, and select the port connected to your switch.

Don't forget to configure a trunk port on the switch going to your FortiGate.

amateolo
New Contributor

Thanks for answering,

In the layer 3 switch, then, should I not do routing? I'm a little lost with this design I have been given.

volkovski
New Contributor III

Hi,

I'm not sure if I understand your design. Is it an Access - Core design with the FWs as gateway to the Internet? If you want to run the L3 capability of the SW at the second layer of your topology, you need to terminate all VLANs there in L3 manner. You can't use the 172.16.0.0/24 address, for example, on the interface, since it's a network IP.

You need to run L3 - L3 routing between the FortiGate and the second layer of your design.

amateolo

Would it be possible to attach the design in the drawing (and does it make sense), the whole management of the VLANs with Fortinet? Or is it also necessary in the design to manage the Internet network with the L3 and Internet access with Fortinet?

I accept recommendations for the best possible design.

Nils
Contributor II

amateolo wrote:

> Thanks for answering,
>
> In the layer 3 switch, then, should I not do routing? I'm a little lost with this design I have been given.

You don't have to do routing in the L3 Switch if you don't want to.

If you place the IP addresses on the VLAN interfaces on the FortiGate, then the FortiGate will handle the routing.

You'll just have to create the policies.

If you do the routing in the L3 switch, you have to use ACLs to limit the traffic between the subnets.

If you prefer the L3 switch being the router, you'll just create static routes in the FortiGate pointing to 192.168.1.2.

What default gateway do your clients have?
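The two designs Nils contrasts, written out as FortiOS CLI: VLANs terminated on the FortiGate (option A) versus the L3 switch keeping the VLAN gateways and the FortiGate holding static routes back to 192.168.1.2 (option B). This is an added example, not configuration from anyone in this thread; it assumes the inside port is named "internal", the WAN port "wan1", and the addressing from the original question.

```fortios
# Option A: terminate the VLANs on the FortiGate (the switch port toward the FortiGate is a trunk).
# The FortiGate owns each VLAN gateway address and controls inter-VLAN traffic with policies.
config system interface
    edit "vlan2"
        set vdom "root"
        set ip 172.17.0.1 255.255.255.0
        set allowaccess ping
        set interface "internal"
        set vlanid 2
    next
end
# Option B: the L3 switch keeps 172.16.0.1, 172.17.0.1, 172.18.0.1 and defaults to 192.168.1.1;
# the FortiGate needs a return route for each VLAN subnet via the switch address 192.168.1.2.
config router static
    edit 1
        set dst 172.16.0.0 255.255.255.0
        set gateway 192.168.1.2
        set device "internal"
    next
    edit 2
        set dst 172.17.0.0 255.255.255.0
        set gateway 192.168.1.2
        set device "internal"
    next
    edit 3
        set dst 172.18.0.0 255.255.255.0
        set gateway 192.168.1.2
        set device "internal"
    next
end
# Policy scoped to the VLAN 2 subnet rather than "all", so only the intended hosts reach the Internet.
# With option A the source interface would be "vlan2" instead of "internal".
config firewall address
    edit "VLAN2_net"
        set subnet 172.17.0.0 255.255.255.0
    next
end
config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "VLAN2_net"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```

In option B the switch is what separates the VLANs, so the ACLs Nils mentions live on the switch; the FortiGate only sees traffic that leaves the 192.168.1.0/24 segment.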

amateolo
New Contributor

At this time, it is only a design on paper, we have nothing even in production.

So I ask the experts for recommendations.

adham
New Contributor

In order to make the firewall communicate with the VLANs, you first need to set up routing between the firewall and the VLANs, and also make sure that there is inter-VLAN routing between the 4 VLANs. I do believe that after implementing these, the firewall will communicate with all VLANs as well.