Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
243
Views
0
Helpful
7
Replies

Routing between 2 firewalls on layer 3 switch

kelly-shami
Level 1
Level 1

‎10-23-2025 05:15 AM - edited ‎10-23-2025 06:05 AM

I have two fortigate firewalls on different subnet and I want to do routing between them on a layer 3 switch guide me on how to do that mind you that I still have my switch enabled for routing.

kellyshami_0-1761222501113.png

The scenario is like this: the interface connected on the SW like eth1 and eth1 on both firewalls are having trunk and allowing different vlans and after I need to have routing between the two firewalls remember that my switch is enabled to have routing it means it is layer 3 so may I get help for the connectivity with my firewalls like the help me with ideas 

Thanks

 

Labels:
0 Helpful
7 Replies 7

Kasun Bandara
VIP
VIP

‎10-23-2025 06:18 AM

@kelly-shami hi, if you need to use L3 switch as a routing between 2 firewalls, you can create 2 subnets between FW1 - SW and FW2-SW. then option 1 is using static routing between switches and firewalls or option 2 use dynamic routing protocol like OSPF. 

but my concern is , is this real environment use case or testing use case? 

if its real use case, share the real requirement here so we can suggest best way to achieve your goal.  

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB
0 Helpful

kelly-shami
Level 1
Level 1

‎10-23-2025 06:27 AM - edited ‎10-23-2025 06:40 AM

Thanks for reaching out 
This is a real environment real case where the SW and two firewalls have different subnets FW1 has .5 subnet and FW2 has .3 subnet but when I want to ping the FW 1 from machine is unreachable yet FW 2 is reachable
Option 1 : Static route is the one we need because we don't have any other equipment that can act as a bridge like router for the firewall to do the routing between each other so static routing on layer 3 switch is more easy .

I reviewed different scenarios but neither didn't work 

What I need is to help me with how to configure it ?

kellyshami_1-1761225853823.png

 

 

 

Preview file
88 KB
0 Helpful

Kasun Bandara
VIP
VIP
In response to kelly-shami

‎10-24-2025 07:46 PM

@kelly-shami hi, thanks. in your PC, what is the gateway IP? is it pointing to the FW1 or 2 (assume your firewalls are not HA)? 

since you have a L3 switch in between two firewalls, you can simplify the setup by configuring 3 networks as below

internet ---- FW1 ---subnet1 --\

                                                       SW-----subnet 3 -------- User PC.

Internet ----FW2----subnet 2--/

User PC gateway can configure in L3 switch, and L3 switch can configure to send traffic towards to FW1 and FW2. assume those two firewalls are using for 2 different networks. in this setup L3 switch will be the first routing point for users.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB
0 Helpful

kelly-shami
Level 1
Level 1

‎10-24-2025 06:55 AM

@Kasun Bandara Any help on the above?

0 Helpful

MHM Cisco World
VIP
VIP
In response to kelly-shami

‎10-24-2025 07:59 AM

But it forti not cisco.

This cisco community and many engineers well known ftd/asa FW not forti

I think you need to re-post it in forti community.

MHM

0 Helpful

kelly-shami
Level 1
Level 1

‎10-24-2025 08:04 AM

@MHM Cisco World Actually the issue is to guide as the previous community member helped and asked me the real environment so he can guide me with how to configure so my issue can be resolved Maybe I may be configuring it wrongly 

0 Helpful

MHM Cisco World
VIP
VIP
In response to kelly-shami

‎10-24-2025 08:56 AM

Ok' 

If both FW run HW active/passive then you can config static route toward VIP of FW HA 

This make SW forwarding traffic to any FW active in time.

MHM

0 Helpful
Customers Also Viewed These Support Documents