Re: Not all can reach the Internet when we backed the VLANs to a layer 3 switch
Moving the VLAN gateway can be done by exchanging the port IP address, from FGT to Nexus. That should be all, apart from moving the routes as well - the FGT doesn't need routes when one of its ports carries a VLAN IP address, but the switch will need routes.
As a side note, I wonder how the FGT is ill-configured if it appears to be a bottleneck. The VLANs will no doubt use the 10G ports, so that potentially each VLAN can use 10 Gbps. The firewalling figure in the FGT datasheet states that this model is capable of fully servicing the 10G ports. Is your network really as busy as that, or do you have UTM active on the 10G ports? In this case, you're more limited to 1-3 Gbps.
Putting the VLAN gateways will not help in this case, except for the case where you bypass the FGT for backups. But, you could do that as well with a 'naked' policy just for the backup (filtered by hosts, service, or time).
Ede
"Kernel panic: Aiee, killing interrupt handler!"