Question regarding using our Fortigate for internal segmentation
Hello. I'm working on using our 101E for internal network segmentation. I've set up a LAG port to increase the amount of bandwidth available for segment-to-segment communication. I would like to route Internet access through a different interface than the LAG port. The reason is that I have a third-party IDS that I want to continue mirroring Internet traffic to, and the LAG port on the Cisco switch we use won't allow setting it up for port mirroring.
So I want to route internal traffic through the LAG and Internet traffic through a different port on the Fortigate.
When I add an IP address to the LAG port that is on our main subnet, the Fortigate automatically starts routing all traffic for that subnet to the LAG port. This takes things down as far as Internet access. The LAG port needs to be reachable by internal workstations, so it needs an IP that is reachable by the subnet.
Does someone have recommendations on how to set this up?