Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Hamza_derbali
New Contributor

Created on ‎05-03-2024 06:21 PM

L2 communication spanning two firewalls

Hello,

 

I have the architecture outlined bellow, and communication needs to be established between the machines on the network 10.1.2.0/24 via FW 1 (Palo alto) and FW2 (fortigate). Any suggestions or insights on how to achieve this would be highly valued.

 

hamza_d_0-1714779769190.png

 

Thank you.

 

 

Labels:
363
0 Kudos
7 REPLIES 7
ramlinga1
New Contributor

Created on ‎05-03-2024 11:30 PM Edited on ‎05-09-2024 07:00 AM

I've used a separate network for [similar to] this in the past, subnetted with 255.255.255.252 so that only two hosts are allowed on the link. Not sure if it was the best way, but it worked https://tutuapp.uno/ .

326
0 Kudos
AEK
SuperUser
SuperUser

Created on ‎05-04-2024 01:19 AM

Hi Hamza

At both firewall levels, you need either transparent VDOM or virtual wire pair.

It is available with FG and I guess PAN can do it as well.

https://docs.fortinet.com/document/fortigate/7.4.0/ips-architecture-guide/748610/transparent-mode

https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/166804/virtual-wire-pair

 

AEK
AEK
309
0 Kudos
Hamza_derbali
New Contributor
In response to AEK

Created on ‎05-05-2024 08:13 AM

Hello @AEK ,

 

the first is a FortiGate firewall in NAT mode, while the second firewall is a Palo Alto. Unfortunately, I lack the capability to transition to a transparent mode.

231
0 Kudos
AEK
SuperUser
SuperUser
In response to AEK

Created on ‎05-05-2024 08:45 AM

You don't need to convert the whole firewall to transparent mode, you can just create a transparent VDOM for that.

But the best solution I think is to correct your network to avoid this situation of having same subnet twice.

AEK
AEK
223
0 Kudos
talrejakit
New Contributor

Created on ‎05-04-2024 04:36 AM

I did this after I bought a firewall for a client and they didn’t inform me they’ve also been working with another local IT guy and I found a newer firewall placed in a mechanical room I didn’t know existed. My firewall now is their VPN concentrator, so at least it makes it easy for me to manage their VPN and NAS.

289
0 Kudos
Hamza_derbali
New Contributor
In response to talrejakit

Created on ‎05-05-2024 08:16 AM

hello @talrejakit ,
Could you provide a diagram to facilitate better understanding?

230
0 Kudos
hbac
Staff
Staff

Created on ‎05-06-2024 07:45 AM

Hi @Hamza_derbali

 

So you have 2 physical ports, one connected to the switch and one connected to 10.1.2.2. It is possible to put both ports in the same hardware switch and they will be in the same subnet. 

 

Regards, 

159
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.