Cisco 3750 and Fortigate 60D Setup

Hello everyone, I would like your input on which way to go on the following task:

VLAN 10 Data

VLAN 20 Voice

VLAN 30 Guest

VLAN 90 Management

I will post my switch config so you can see what I have done so far, and also take note that I have created all these VLANs on the Fortigate with their DHCP, using zones so I can have inter-VLAN communication.

I'm confused: is this the right way to go, or should I do the routing on the switch, and also DHCP on the switch?

And what is the correct way to go? I'm a newbie, please help :)

Accepted Solution

Seb Rupik
VIP Alumni

Hi there,

If you require ACLs between your VLANs then it makes perfect sense to implement this on the Fortigate; this is made easier by its stateful inspection.

The only problem you may have is the 100Mb link to the Fortigate which you are using. You may find that the inter-VLAN traffic travelling up and down that single link will create congestion. If this occurs, either create an EtherChannel between the switch and firewall or implement QoS to shape the traffic.

Your other option, if inter-VLAN security does not require extensive ACLs: move the routing to the 3750, use ACLs on the SVIs, and have a point-to-point link to the Fortigate for internet/DMZ traffic.

cheers,

Seb.

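Seb's second option (routing on the 3750, ACLs on the SVIs, and a point-to-point routed link to the Fortigate for internet/DMZ traffic) written out as a worked IOS configuration. This is an added example and is not config from the thread or from the original poster's switch. The VLAN numbers and names come from the question; every address, interface number and the ACL policy itself (guests isolated from internal VLANs, management reachable only from the Data VLAN, DHCP served by the switch) are assumptions chosen for illustration.

```cisco
! Added example, not the poster's configuration. Addresses and port numbers are constructed.
! Routing on the 3750: SVIs per VLAN, ACLs on the SVIs, routed /30 link to the Fortigate.
ip routing
!
vlan 10
 name DATA
vlan 20
 name VOICE
vlan 30
 name GUEST
vlan 90
 name MGMT
!
! Guest policy: DHCP from the switch and internet via the Fortigate, nothing internal.
ip access-list extended GUEST-IN
 remark allow guests to obtain a lease from the switch's DHCP server
 permit udp any eq bootpc any eq bootps
 remark block every internal VLAN and the firewall link itself
 deny   ip any 10.0.10.0 0.0.0.255
 deny   ip any 10.0.20.0 0.0.0.255
 deny   ip any 10.0.90.0 0.0.0.255
 deny   ip any 10.0.0.0 0.0.0.3
 remark anything left is bound for the internet through the default route
 permit ip any any
!
! Management VLAN policy: only the Data VLAN may initiate sessions into VLAN 90.
! Switch ACLs are stateless, so return traffic for sessions that management
! hosts start themselves must be allowed explicitly ("established").
ip access-list extended PROTECT-MGMT
 permit tcp any 10.0.90.0 0.0.0.255 established
 permit ip 10.0.10.0 0.0.0.255 10.0.90.0 0.0.0.255
 deny   ip any any
!
interface Vlan10
 description Data
 ip address 10.0.10.1 255.255.255.0
interface Vlan20
 description Voice
 ip address 10.0.20.1 255.255.255.0
interface Vlan30
 description Guest
 ip address 10.0.30.1 255.255.255.0
 ip access-group GUEST-IN in
interface Vlan90
 description Management
 ip address 10.0.90.1 255.255.255.0
 ip access-group PROTECT-MGMT out
!
! Routed point-to-point link to the Fortigate ("no switchport" makes it an L3 port).
interface GigabitEthernet1/0/1
 description P2P to Fortigate internal port
 no switchport
 ip address 10.0.0.1 255.255.255.252
!
! Everything not local goes to the firewall.
ip route 0.0.0.0 0.0.0.0 10.0.0.2
!
! DHCP on the switch for the user VLANs; the gateway is the local SVI.
ip dhcp excluded-address 10.0.10.1 10.0.10.10
ip dhcp excluded-address 10.0.30.1 10.0.30.10
ip dhcp pool DATA
 network 10.0.10.0 255.255.255.0
 default-router 10.0.10.1
 dns-server 10.0.0.2
ip dhcp pool VOICE
 network 10.0.20.0 255.255.255.0
 default-router 10.0.20.1
ip dhcp pool GUEST
 network 10.0.30.0 255.255.255.0
 default-router 10.0.30.1
 dns-server 10.0.0.2
```

Two things this layout depends on: the Fortigate needs static routes for 10.0.10.0/24, 10.0.20.0/24, 10.0.30.0/24 and 10.0.90.0/24 pointing back at 10.0.0.1, or nothing returns; and the "established" line in PROTECT-MGMT is the clearest illustration of Seb's point that switch ACLs are stateless. Once the inter-VLAN policy grows beyond a handful of such lines, the stateful inspection on the firewall is the easier place to express it.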

2 Replies

Thank you very much for your input. I want to go with the firewall solution and keep everything on it. I will be using a 100D because the 60D does not support LACP, for the 100 port issue you mentioned, and you are right, it will be a problem.
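The switch side of the design the poster settled on (the Fortigate does the routing and DHCP for all four VLANs, the 3750 stays a pure layer-2 switch, and the single 100Mb uplink is replaced by an LACP EtherChannel trunk). This is an added example, not config from the thread; the Fortigate side (an aggregate interface with 802.1Q sub-interfaces for VLANs 10, 20, 30 and 90) is assumed and not shown, and all interface numbers and the management address are constructed.

```cisco
! Added example, not the poster's configuration. Port numbers and addresses are constructed.
! Layer-2 only: the Fortigate is the default gateway and DHCP server for every VLAN.
no ip routing
!
vlan 10
 name DATA
vlan 20
 name VOICE
vlan 30
 name GUEST
vlan 90
 name MGMT
!
! Two-member LACP EtherChannel to the firewall, trunking only the VLANs in use.
! "mode active" negotiates LACP; the Fortigate side must be an aggregate interface.
interface Port-channel1
 description LACP trunk to Fortigate
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20,30,90
 switchport mode trunk
 switchport nonegotiate
!
interface range GigabitEthernet1/0/23 - 24
 description Members of Po1 to Fortigate
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20,30,90
 switchport mode trunk
 switchport nonegotiate
 channel-group 1 mode active
!
! The switch's only IP lives in the management VLAN; its gateway is the Fortigate's VLAN 90 address.
interface Vlan90
 description Management
 ip address 10.0.90.2 255.255.255.0
ip default-gateway 10.0.90.1
!
! Access ports: a phone and PC share one port (data + voice VLAN), guest ports are data-only.
interface GigabitEthernet1/0/1
 description Desk: PC on VLAN 10, phone on VLAN 20
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 spanning-tree portfast
!
interface GigabitEthernet1/0/10
 description Guest access port
 switchport mode access
 switchport access vlan 30
 spanning-tree portfast
```

With this layout every inter-VLAN packet crosses Po1 twice (up to the firewall and back down), which is exactly the congestion Seb warns about and the reason the uplink bandwidth, not the switch, becomes the bottleneck. The security policy between VLANs lives entirely in the firewall's zone-to-zone rules, so no ACLs are needed on the 3750 at all.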
