Implementing security with SG300 & SG200

CBITNetwork
Level 1

Hello everybody, I'm Jonathan.

I'll explain my issue.

We have (this is an example) two subnets, 10.0.0.X and 10.0.15.X, which can access everything on our network, and the subnets 10.0.1.X to 10.0.14.X, which may only access the internet and absolutely not the subnets above.

All of these subnets are spread across three switches: an SG300-56, an SG200 and an SG300 with PoE. And we have a FortiGate 60C.

My first idea was to use VLANs and ACLs, but we have a lot of ports that get moved around (a lot of changes in the company). Furthermore, on one port we have a server whose VMs use two of the subnets (for example 10.0.0.X and 10.0.2.X).

So I'm a bit lost. Do you have an idea to help me?

Thank you.

Jonathan

1 Reply


Hi,

If you want to ensure and maintain security for your LAN subnets, kindly move the gateways from your distribution switches to your FortiGate 60C (subinterfaces on the FortiGate 60C). This way you don't have to write ACLs on your distribution switches and manage them.

If your subnets keep expanding down the line, you can plan for a mix:

1) defining the gateway on the firewall (a subinterface on the firewall) for subnets that need access control

2) defining the gateway on the distribution switches for subnets that don't need any access control.


HTH

sandy
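As an added illustration of the approach sandy describes (this is example configuration, not part of the original thread or of anyone's production config), the FortiOS CLI below puts the gateway for a restricted subnet on a VLAN subinterface of the FortiGate and relies on the firewall's implicit deny to block it from the trusted subnets. The physical port name `internal`, the VLAN IDs (VLAN 2 for 10.0.2.0/24, VLAN 15 for 10.0.15.0/24), the WAN interface name `wan1` and the address-object names are assumptions chosen for the example; the switches only need to carry those VLANs on a trunk towards the FortiGate and do no routing of their own.

```fortios
# Example FortiOS CLI, not from the original thread.
# One VLAN subinterface per restricted subnet; the FortiGate is the gateway.
config system interface
    edit "vlan2"
        set vdom "root"
        set interface "internal"        # assumed physical port facing the switches
        set vlanid 2
        set ip 10.0.2.1 255.255.255.0   # gateway for 10.0.2.X
        set allowaccess ping
    next
    edit "vlan15"
        set vdom "root"
        set interface "internal"
        set vlanid 15
        set ip 10.0.15.1 255.255.255.0  # gateway for a trusted subnet
        set allowaccess ping
    next
end

# Address objects used in the policies below (names are assumptions).
config firewall address
    edit "net_10.0.2.0_24"
        set subnet 10.0.2.0 255.255.255.0
    next
    edit "net_10.0.15.0_24"
        set subnet 10.0.15.0 255.255.255.0
    next
end

# Restricted subnet: internet only. No policy from vlan2 to vlan15 (or to the
# other trusted subnets) exists, so the implicit deny drops that traffic.
config firewall policy
    edit 1
        set name "vlan2-to-internet"
        set srcintf "vlan2"
        set dstintf "wan1"              # assumed WAN interface name
        set srcaddr "net_10.0.2.0_24"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
    # Trusted subnet: may reach the restricted subnets and the internet.
    edit 2
        set name "vlan15-to-vlan2"
        set srcintf "vlan15"
        set dstintf "vlan2"
        set srcaddr "net_10.0.15.0_24"
        set dstaddr "net_10.0.2.0_24"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 3
        set name "vlan15-to-internet"
        set srcintf "vlan15"
        set dstintf "wan1"
        set srcaddr "net_10.0.15.0_24"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```

With this layout, moving a host between switch ports only changes the port's VLAN membership on the switch; the access rules live in one place on the firewall. Policy 2 is stateful, so replies from 10.0.2.X back to 10.0.15.X are allowed without a reverse policy, while a session initiated from 10.0.2.X towards 10.0.15.X matches nothing and is denied. Check the result with `diagnose sniffer packet vlan2` or a test connection from a restricted host before relying on it.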