Hey guys,
As the title mentions, I am wondering whether to use Fortinet or ISE for micro segmentation for guest, PCI, end users and remote access VPNs.
So far I know Fortinet 600e models can do it via FortiManager, but I am wondering if it's worth it; we've got the Meraki 225, 350x, 425 MS series switches.
Edge - Fortinet 600e's
Collapsed core - MS425
Access switches - MS225, MS350X
Wireless - MR46 Meraki AP
All of our gateways are on the Fortinet edge firewalls for this site and our branches.
I am stuck between using Fortinet or ISE to do this. Also, I am aware SXP is a whole different consideration for SGT planning; I believe the switches here can do SXP.
I was also hearing SGTs are stateful, so I need to create SGACLs to allow traffic both ways?
Lastly, a question on SGT: I am used to using one matrix. Is there any reason to use two matrix lists? We only have about 1300 or so IT devices.