In my current scenario I have two Cisco 5520 ASAs running in active/standby mode and a single Fortinet unit connected to the primary firewall.
Everything is working smoothly, and the firewall is failing over properly in case of link failures.
Now we want to add a secondary Fortinet unit. As per the Fortinet documentation, the Fortinet internal and external interfaces must be connected through some hub/switch (diagram attached), whereas I was planning to place it between the second Cisco ASA and the core. Is that the right place to plug it in?
Or do I really need to introduce a hub/switch on the internal and external side as per the diagram provided by Fortinet?
Need advice on placement of the Fortinet.
Attached are my current design and the Fortinet manual's proposed design.
We thought it was that simple too. We have a port-channel trunk with 3 VLANs that pass between the core and the firewall. We are on our 3rd attempt to put the FortiGate "in-line" and have it successful. We configured the FortiGate interfaces as an aggregate in LACP mode and created the internal and external VLANs on the FortiGate as suggested in their documentation.
First attempt: Fortinet told us we needed to use their forwarding domain feature.
2nd attempt: they told us we had to enable STP on the FortiGate.
3rd attempt: we were using "port pairs" between the VLANs and things seemed better; they had to disable "anti-spoofing" and it got a little better, but DHCP was still not acting quite right.
We have had quite the challenge getting this FortiGate in place. One thing that we do have is... the firewall is actually the default gateway for the clients, and 2 of the VLANs are wireless networks that run in H-REAP/FlexConnect mode.
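For anyone reading along, here is an illustrative FortiOS CLI sketch of the in-line transparent-mode layout the reply above is describing (LACP aggregates on each side, per-VLAN sub-interfaces, forward domains, BPDU forwarding, and an IPS allow policy for the IPS use case this thread is about). It is an added example, not the poster's or Fortinet's configuration; interface names, VLAN ID 10, the management IP and the policy IDs are constructed placeholders, and the exact keywords should be checked against the CLI reference for the FortiOS release in use.

```text
# Added illustrative FortiOS CLI sketch; all names, VLAN IDs and addresses below are
# constructed placeholders. Verify keywords against your release's CLI reference.

# 1. Put the unit (or the root VDOM) into transparent mode with a management IP.
config system settings
    set opmode transparent
    set manageip 192.0.2.10/24
end

# 2. Two LACP aggregates: one towards the core (internal) and one towards the ASA
#    (external), matching a port-channel trunk on each neighbour.
config system interface
    edit "agg-internal"
        set type aggregate
        set member "port1" "port2"
        set lacp-mode active
    next
    edit "agg-external"
        set type aggregate
        set member "port3" "port4"
        set lacp-mode active
    next
end

# 3. One VLAN sub-interface per side per VLAN. Giving the internal and external
#    sub-interfaces of VLAN 10 the same forward-domain keeps VLAN 10 frames bridged
#    only between those two instead of being flooded to every interface in the
#    transparent VDOM. A transparent-mode FortiGate does not run STP itself;
#    stpforward passes the neighbours' BPDUs through so the core and ASA still see
#    one contiguous layer-2 path and the existing spanning-tree topology is kept.
config system interface
    edit "vlan10-int"
        set vdom "root"
        set interface "agg-internal"
        set vlanid 10
        set forward-domain 10
        set stpforward enable
    next
    edit "vlan10-ext"
        set vdom "root"
        set interface "agg-external"
        set vlanid 10
        set forward-domain 10
        set stpforward enable
    next
end

# 4. Transparent mode still needs interface-pair policies; an IPS-only deployment
#    needs explicit accept policies in both directions with the IPS sensor attached.
#    Repeat steps 3 and 4 for each VLAN carried on the trunk.
config firewall policy
    edit 1
        set srcintf "vlan10-int"
        set dstintf "vlan10-ext"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ips-sensor "default"
    next
    edit 2
        set srcintf "vlan10-ext"
        set dstintf "vlan10-int"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ips-sensor "default"
    next
end
```

After applying something like this, the first things to confirm are that the aggregates come up in LACP on both neighbours, that `get system interface` shows both sub-interfaces in the same forward domain, and that the ASA failover pair still detects link state through the FortiGate the way it did before the unit was inserted.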
I am attempting to set up a FortiGate in transparent mode for IPS services between our Cisco ASA active/standby firewalls, just like you have in your diagram. Did you have an aggregate and a trunk going between the FortiGate and the ASAs, or was it just an access port? We have had a terrible time getting this configuration running in our environment, and Fortinet support has been less than helpful.