- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Network design - need help
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Network design - need help
Hi all,
I would need your help in choosing the proper network equipment for my network project.
A company that I work in has a very old network and they asked me to write a project where we would replace the whole network. They use this network just for some basic stuff, surfing, etc., not for real work but need to be stable and safe. Since they have a lot of Cisco 3750G and 2960S switches, we can use them in the first phase and budget to use for the purchase of a firewall.
Here is what we have: - two BO connected to HQ over 1 Gbps dark (metro) fiber and one of these two has an additional 100 Mbps internet connection - one BO connected through 100 Mbps MPLS (probably will be replaced with the internet instead of MPLS) - ten BO connected to the internet (they are not imported but would be good to have them routed through the same network in feature)
At this point, we need hardware where we can connect two BO over dark fiber and one over MPLS to HQ. Also, HQ will have around 20 access switches and probably two or three distribution switches. In the second phase, sometimes in feature, we will add other BO to this network so the hardware should support it. We will have one server where we will add the Windows VM server to work as DHCP, DNS, AD, etc. We need multiple VPNs, multiple VLANs...
I was thinking of something like this:
HQ: Main firewall - FortiGate 400E - He would be connected to the main internet line, two dark fiber lines, one MPLS, and one for distribution switch for HQ Distribution switch - 3750G - He would connect to FortiGate, server, and access switches Do we need a router? (I mean, FortiGate can create VLANs and make VPNs, routing, etc. so my question is do we need ex. Cisco 4321 router?)
BO: two BO which goes through dark fiber would be FortiGate 100F with VPN connection another BO which goes through MPLS would use FortiGate 80F
Since we have a server, distribution, and access switches, we will need to purchase a firewall and eventually some additional equipment. Knowing management and how they decide, I will probably need to make two variants for this project so one will be expensive and another one will be "normal" that I prefer to have. Better to not mention that we can go with a lower price, you know what I mean :) Currently, we are paying a little bit over $2000 for support with one firewall we have and no one at our company likes it. We just want to get rid of it and change to FortiGate. Also, Management wouldn't be happy if they need to pay for support more than $4-5k yearly so I have to watch out for support that goes with FortiGate. Maybe take support just for the main firewall at HQ and not for BO?
Any suggestion would be much appreciated! In the next two weeks, I have to write roughly how much the project would cost. At this point, it is really hard to say how big is the budget for this project. I would separate HQ and BO so if they don't approve all at the same time, I want to get at least HQ so that I can start replacing that network. Since they don't have any VPN at the moment it shouldn't be a too big problem and there is no too much configuration on the current firewall and switches. This is an opportunity to make it properly!
0 REPLIES 0
Related Posts
Labels
-
FortiGate
6,519 -
FortiClient
1,300 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
414 -
5.6
362 -
FortiAP
333 -
FortiSwitch
332 -
FortiClient EMS
262 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
150 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiSIEM
88 -
FortiGateCloud
87 -
FortiCloud Products
83 -
IPsec
73 -
FortiToken
69 -
Customer Service
69 -
4.0MR3
64 -
SSL-VPN
58 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
24 -
FortiConnect
23 -
FortiWAN
22 -
Firewall policy
22 -
FortiConverter
21 -
High Availability
20 -
VLAN
19 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiCASB
12 -
FortiAuthenticator
11 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
LDAP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
Virtual IP
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
SSL SSH inspection
6 -
Security profile
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Intrusion prevention
3 -
Automation
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
VoIP profile
2 -
Antivirus profile
2 -
Web profile
2 -
Traffic shaping profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
FortiPAM
1 -
Application signature
1 -
Multicast routing
1 -
Authentication rule and scheme
1 -
Zone
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.