As per your diagram the

Eric Tan · ‎08-16-2017

hi all,

I intend to implement a Fortigate 300D firewall to my current network. After connecting all physically, the link from ASR to Fortigate can ping.

Taken that there is no policy in the firewall, everything is allowed. The traffic from server cannot route out of the ASR.

I have no idea how to route the traffic from L3 to L2.

Appreciate any advice. Have attached the network diagram and ASR config.

Mohammad Alhyari · ‎08-16-2017

As per your diagram the following routes should be there:

1- servers GW is the firewall

2- Firewall should have a default route pointing to the facing ASR interface.

3- The ASR should have a static route for the servers ip addresses pointing to the Firewall facing interface.

Mo

Julio E. Moisa · ‎08-16-2017

Hi

As Mohammad mentioned, verify the static routes on the Fortinet, I remember they are on the Route Section.

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Eric Tan · ‎08-16-2017

hi all, the Fortigate is actually managed by my 3rd party developer. They just want to tap on to our infra. I belive they will config as they have use the same firewall in other deployments.

For ASR part, i have added this route - ip route 202.14.200.0 255.255.255.0 203.116.154.186

But still don't seem to work.

Im suspecting the routing have to do in the BGP portion ?

Routing L3 traffic to L2