kingpin
New Member
  • Total Posts : 11
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/08/08 22:28:07
  • Status: offline
2019/08/10 22:57:44 (permalink)
0

SUBNET

Help me guys, I'm new to Fortinet. My question is: I have an existing MikroTik router and I have 16 subnets all connected to one interface, but I'm planning to transfer them all to a Fortinet 200E with the same configuration, because some of my switches are not managed switches. How do I configure one interface with 16 subnets? Thanks.
#1


    emnoc
    Expert Member
    • Total Posts : 5236
    • Scores: 345
    • Reward points: 0
    • Joined: 2008/03/20 13:30:33
    • Location: AUSTIN TX AREA
    • Status: offline
    Re: SUBNET 2019/08/11 07:18:16 (permalink)

    PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
    #2
    Toshi Esumi
    Expert Member
    • Total Posts : 1642
    • Scores: 139
    • Reward points: 0
    • Joined: 2014/11/06 09:56:42
    • Status: offline
    Re: SUBNET 2019/08/11 10:14:56 (permalink)
    0
    The max value doc for 6.0 says up to even 32/interface.
    https://help.fortinet.com.../6-0-0/max-values.html
    #3
    kingpin
    New Member
    • Total Posts : 11
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/08/08 22:28:07
    • Status: offline
    Re: SUBNET 2019/08/12 18:32:41 (permalink)
    0
    Thanks for your reply, but what I need is: I can configure the VLANs on one interface, more than 16 subnets, but my question is that it is not working on an ordinary switch.
    #4
    kingpin
    New Member
    • Total Posts : 11
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/08/08 22:28:07
    • Status: offline
    Re: SUBNET 2019/08/12 18:44:54 (permalink)
    0
    My existing connection is on one interface only; all 16 subnets are connected to one interface. I want to do the same on the FGT, so how?
    #5
    emnoc
    Expert Member
    • Total Posts : 5236
    • Scores: 345
    • Reward points: 0
    • Joined: 2008/03/20 13:30:33
    • Location: AUSTIN TX AREA
    • Status: offline
    Re: SUBNET 2019/08/12 19:30:53 (permalink)
    0
    You need to explain your cfg. Secondaries are easier and VLANs are easy; we are not sure what you're doing.
     
    e.g. secondary
     
    config system interface
        edit "dmz"
            set vdom "root"
            set ip 10.10.10.1 255.255.255.0
            set allowaccess ping https http fgfm capwap
            set type physical
            set role dmz
            set snmp-index 5
            set secondary-IP enable
            config secondaryip
                edit 1
                    set ip 10.200.1.1 255.255.255.0
                next
                edit 2
                    set ip 10.200.2.1 255.255.255.0
                next
                edit 3
                    set ip 10.200.3.1 255.255.255.0
                next
                edit 4
                    set ip 10.200.4.1 255.255.255.0
                next
                edit 5
                    set ip 10.200.5.1 255.255.255.0
                next
                edit 6
                    set ip 10.200.6.1 255.255.255.0
                next
                edit 7
                    set ip 10.200.7.1 255.255.255.0
                next
                edit 8
                    set ip 10.200.8.1 255.255.255.0
                next
                edit 9
                    set ip 10.200.9.1 255.255.255.0
                next
                edit 10
                    set ip 10.200.10.1 255.255.255.0
                next
                edit 11
                    set ip 10.200.11.1 255.255.255.0
                next
                edit 12
                    set ip 10.200.12.1 255.255.255.0
                next
                edit 13
                    set ip 10.200.13.1 255.255.255.0
                next
                edit 14
                    set ip 10.200.14.1 255.255.255.0
                next
                edit 15
                    set ip 10.200.15.1 255.255.255.0
                next
                edit 16
                    set ip 10.200.16.1 255.255.255.0
                next
                edit 17
                    set ip 10.200.17.1 255.255.255.0
                next
            end
        next
    end
     
    Ken

    PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
    #6
    kingpin
    New Member
    • Total Posts : 11
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/08/08 22:28:07
    • Status: offline
    Re: SUBNET 2019/08/21 03:15:10 (permalink)
    0
    Sir, why do I need a DMZ? I only need to configure internal connections between the 17 different IP addresses. I want all of these to be able to connect to each other.
     
    Thanks
    #7
    kingpin
    New Member
    • Total Posts : 11
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/08/08 22:28:07
    • Status: offline
    Re: SUBNET 2019/08/21 03:17:35 (permalink)
    0
    Thanks for your reply. Sir, I can configure this through VLANs, but there's no other way to configure it without VLANs, because most of my switches are regular switches.
     
     
     
    #8
    OneOfUs
    Bronze Member
    • Total Posts : 30
    • Scores: 4
    • Reward points: 0
    • Joined: 2019/07/16 06:32:59
    • Status: offline
    Re: SUBNET 2019/08/21 06:52:21 (permalink)
    0
    You can change the firewall from switch to interface mode:
    https://kb.fortinet.com/kb/documentLink.do?externalID=FD40353
     
    Then you can use secondary IPs (subnets) on the interface as suggested previously, or you can create a VLAN interface for each subnet.
    #10
    wearfear
    New Member
    • Total Posts : 5
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/03/06 08:34:33
    • Status: offline
    Re: SUBNET 2019/08/22 03:59:45 (permalink)
    0
    Create a new interface, choose VLAN, and attach it to your physical interface.
    If you are running 16 subnets on the same L2 domain, you really should think about doing something about it.
     
    MikroTik is very flexible and does everything that is possible, but it also does stuff that is REALLY bad practice which other providers usually block.
     
    I think Fortinet only supports 2 IPs.
     
     
    #12
    kingpin
    New Member
    • Total Posts : 11
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/08/08 22:28:07
    • Status: offline
    Re: SUBNET 2019/08/22 21:24:53 (permalink)
    0
    Thanks for your reply. I tried 16 VLANs on one interface and it is working, but my question is how they communicate with each other, because in policy I need to configure them one by one. Do I need to make a group or zone for my VLANs? Thanks.
    #13
    wearfear
    New Member
    • Total Posts : 5
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/03/06 08:34:33
    • Status: offline
    Re: SUBNET 2019/08/23 06:24:33 (permalink)
    0
    You will need to create the 16 VLANs and attach them to the interface that you want.
    Zones could be a good way to do it if you're never in the future gonna have to limit access between the VLANs.
     
    Since it's a stateful firewall, if you expect hosts to start sessions both ways you need to make 2 policies for each VLAN interface permitting your traffic.
     
     
    #14
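
Added example, not part of the original thread and not any poster's configuration: a FortiOS CLI sketch of the zone approach discussed in the last replies, with VLAN sub-interfaces on one physical port grouped into a zone and a single zone-to-zone policy. The parent port `port1`, the VLAN IDs, the zone name and the policy name are assumptions; the subnets reuse the 10.200.x.1/24 addressing from the secondary-IP example earlier in the thread, and the `#` lines are annotations for the reader.

```fortios
# Added example; port1, VLAN IDs 101/102, zone and policy names are assumptions.
config system interface
    edit "vlan101"
        set vdom "root"
        set interface "port1"
        set vlanid 101
        set ip 10.200.1.1 255.255.255.0
        set allowaccess ping
    next
    edit "vlan102"
        set vdom "root"
        set interface "port1"
        set vlanid 102
        set ip 10.200.2.1 255.255.255.0
        set allowaccess ping
    next
    # ...repeat one "edit" block per remaining VLAN
end
config system zone
    edit "lan-vlans"
        set interface "vlan101" "vlan102"
        # deny  = VLAN-to-VLAN traffic must match a firewall policy
        # allow = zone members reach each other without any policy
        set intrazone deny
    next
end
config firewall policy
    # One zone-to-zone policy replaces the per-VLAN policy pairs.
    edit 0
        set name "lan-vlans-internal"
        set srcintf "lan-vlans"
        set dstintf "lan-vlans"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
```

With `set intrazone allow` the policy above is not needed, but traffic between the member VLANs then passes without policy matching or policy logging, which is the trade-off raised in the last reply about later limiting access between VLANs.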