added 23 characters in body
Sagar Uragonda

If you're using a FortiGate firewall as core or perimeter device and a Cisco SG300 as distribution switch in your setup, then you can accomplish this task by creating sub-interfaces on the FortiGate firewall.

Configure the SG300 switch to the FortiGate firewall with a trunk link allowing all VLANs.

And configure the public IP of the ISP on the outside interface of the FortiGate and configure a default route in the Fortinet firewall pointing towards the ISP gateway.

And now in the SG300 switch create all VLANs which were created as FortiGate sub-interfaces. Now create access ports in the SG300 switch for desktop and server connectivity.

Then create an outbound policy in the perimeter firewall for internet access:

source interface : LAN
destination interface : outside-facing interface
source address : LAN POOL NETWORK
destination address : ANY
services : ports allowed as per your requirements
action : ALLOWED
security profiles : ON

Then create an inbound policy in the firewall if you have an application hosted in your local LAN and want to access it from the internet.

Create a VIP object as a public IP mapping with "Object name" WEB SERVER = public IP mapped to the private IP of the hosted application.

Inbound policy:

source interface : outside interface
destination interface : LAN
source address : any
destination address : WEB SERVER /* as per the VIP created above */
services : as per application requirement, mostly "https"
security profiles : on
action : allowed

Create an implicit deny policy at the bottom (this policy is used to deny non-matching traffic and to monitor unwanted traffic on the firewall):

source interface : any
destination interface : ANY
source address : any
destination address : any
services/ports : any
action : deny

Setup diagram: (image not included in the extracted text)


added 104 characters in body
Sagar Uragonda

added 886 characters in body
Sagar Uragonda


If you're using a FortiGate firewall as core or perimeter device and a Cisco SG300 as distribution switch in your setup, then you can accomplish this task by creating sub-interfaces on the FortiGate firewall.

Connect the SG300 switch to the Fortinet firewall with a trunk link allowing all VLANs.

Have a default route in the SG300 switch pointing toward the FortiGate firewall LAN interface (inside interface).

And configure the public IP of the ISP on the outside interface of the FortiGate and configure a default route in the Fortinet firewall pointing towards the ISP gateway.

And now in the SG300 switch create all VLANs used in the FortiGate sub-interfaces, and connect servers, desktops and access switches according to your requirement.

The FortiGate firewall requires a static route with all sub-interface subnets as destination and pointing towards the SG300 switch egress interface.


added 141 characters in body
Sagar Uragonda
Post Made Community Wiki by Sagar Uragonda