Diagram for reference - https://imgur.com/6eMsPCn
I am in the process of introducing an additional Fortinet FortiGate 200E firewall to create an Active-Passive configuration. There is currently a single 200E that has a fiber handoff for internet.
To facilitate the additional firewall, I am putting a Cisco Catalyst switch in front of the firewalls as depicted in the diagram. I am clear on how to make the FortiGates talk to each other, but need a sanity check on the networking going into the FortiGates.
I would move the fiber handoff to a port on the Catalyst switch (TenGigabitEthernet1/1/2) and connect port GigabitEthernet1/0/47 to port 14 on the primary firewall (A) and port GigabitEthernet1/0/48 to port 14 on the secondary firewall (B).
This is what I was thinking.
Related Cisco Config:
! using private IP just for demo purposes
interface Vlan100
 description Internet
 ip address 10.0.100.128 255.255.255.248
!
interface TenGigabitEthernet1/1/2
 description Internet
 switchport access vlan 100
 switchport mode access
!
interface GigabitEthernet1/0/47
 switchport access vlan 100
 switchport mode access
!
interface GigabitEthernet1/0/48
 switchport access vlan 100
 switchport mode access
Related FortiGate Config:
Set up port 14 on both firewalls with VLAN 100
Is this correct? If not, what would I need to do differently?