Routing Between Cisco 4507R+E Layer 3 Switch & UTM Firewall Fortigate

firewalllayer3routingswitch

Please Help me.

I have a Cisco Catalyst 4507R+E and UTM Firewall Fortigate and I Created VLANS on Catalyst and the main VLAN port Which Play IP Route between All VLANs can not connectet to the UTM Firewall unless create No Switch Port.

What is the Difference between Switch port mode & No Switch Port .

Best Answer

As said above switchport set the port to be layer 2, you assign a vlan to it and then need an SVI to configure L3 for ip connnectivity. If you do no switchport the port is layer 3 and you place an IP address directly on the port. I am guessing you want a static default route between the switch and the firewall. Dont forget you need routes in the firewall pointing back to the subnets you have configured in the switch

Related Solutions

Routing – Policy routing configuration in Fortigate

Since policy routes are evaluated top-down, you can work around this limit by placing a more specific entry matching traffic from internal subnet A to internal subnet B.

However, this should be less than comfortable if you have many different networks attached to your internal interface.

In this case, I would recommend you a trick I once used: since Fortigate devices ignore QoS marks, you should sign your "internet" packets on the firewall-facing port of your Cisco switch with a specific TOS and then use that mark in your policy-route.

Switch – Fortigate HA: how to locate switch port connected to passive unit

What you can do is SSH to the Active unit, then run:

execute ha manage <x>

where x is the ID of the other unit.

Then run

config system interface
edit "port1"
set status down
next 
edit "port1"
set status up
end

You can then log on to the switch (assuming it is logging interface UP/DOWNS) and see which interface went down.

Best Answer

Related Solutions

Routing – Policy routing configuration in Fortigate

Switch – Fortigate HA: how to locate switch port connected to passive unit

Related Topic