I have two routers that serve a lot of EIGRP neighbors and are neighbors of each other. I have to use a Fortigate device between the two routers and prefer to configure it in NAT mode. With the Fortigate in between, the EIGRP neighborship breaks and the dynamic routing protocol fails, even if I set an any-any allow rule between the two points. As a matter of fact, somehow it is not possible to use different IP sets on both sides and fire up the routing protocol. So, what are my choices?
Do static routing?
Configure the firewall in transparent mode?
Do any special config to make the EIGRP protocol work in this way?
The concept seems to be similar to setting up a tunnel, but it was originally designed to use BGP over the internet as the underlying protocol. But it seems to work even without it, as long as both ends can reach each other, like in the above article.
In any case, it's about how to set up Cisco routers at both ends, so for this option it's more appropriate to ask at the Cisco Community instead.
If you tunnel via GRE or anything, traffic will not be examined and no security policy works. I already tested it to make sure and I was right, and it should be this way.
BGP, OSPF and route redistribution are a choice but complex to implement and troubleshoot.
I will ask in the Cisco forums, but the first answer is routing protocol redistribution and static routing. I'm asking here because maybe something like Wire Pair or Multicasting or transparent mode is an option ...