TL;DR: Can one apply IPv4 Policy on an IP that is switched by Fortigate's own virtual switch?
The question probably stems from some basic lack of understanding of how Fortigate applies policy.
Interface 1 on the Fortigate goes to the switches. Interface 2 goes to a router that routes to a remote subnet. Interface 1 and 2 are in a virtual switch. The router on Interface 2 has an IP in the same subnet as the endpoints on the switch (i.e. Interface 1).
Is there a way I can apply policy on whatever comes from Interface 1 to Interface 2 (and vice versa)? Maybe I can break Interface 2 from the virtual switch? Does that mean I need to segregate Interface 2 into another subnet and give Fortigate and the router there their own IPs? The latter is not really an option for me.