Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

implementing security with sg300 & sg200

Hello everybody, i'm jonathan.

I’ll explain my issue.

We have (this is an example) two subnets, 10.0.0.X & 10.0.15.X which can access everything on our network. And the subnets 10.0.1.X to 10.0.14.X which can only access internet and absolutely not the subnets above.

All of these subnets are distributed on 3 switch, a SG300-56, a SG200 and a SG300 with POE. And we have a fortigate 60C.

My first idea was to make vlans and acl’s but we have a lot of ports which can be moved (a lot of improvement in the society). Furthermore, on a port we have a server who uses, with the vm, two of the subnets (for example 10.0.0.X & 10.0.2.X).

So I’m a bit lost. Have you an idea to help me ?

Thank you.

Jonathan

 

1 REPLY

 Hi ,  If you want ensure &

 

Hi ,

  If you want ensure & maintain security for your LAN sub nets  , kindly move the gateway towards your fortigate 60c  from  distribution switches , by this way u dont want to write ACL on your distribution switches and manage it . (Subinterface on fortigate 60c )

   If your subnet is getting expanded downline , you can plan for mix

1) defining gateway on firewall { subinterface on firewall } for subnet which need control on access 

2) defining gateway on distribution switches  for subnet which dont need any access control . 

 

HTH

sandy

   

    

32
Views
0
Helpful
1
Replies