added 20 characters in body
Sagar Uragonda

Please refer to the link for configuration of subinterfaces, or router-on-a-stick configuration, on a FortiGate firewall:

https://youtu.be/bIeQyQKptRc

If you're using a FortiGate firewall as the core or perimeter device and a Cisco SG300 as the distribution switch in your setup, then you can accomplish this task by creating subinterfaces on the FortiGate firewall.

Configure the SG300 switch to the FortiGate firewall with a trunk link allowing all VLANs.

Then configure the ISP's public IP on the outside interface of the FortiGate, and configure a default route on the FortiGate firewall pointing towards the ISP gateway.

Now, on the SG300 switch, create all the VLANs that were created as FortiGate subinterfaces. Then create access ports on the SG300 switch for desktop and server connectivity.

After that, create an outbound policy on the perimeter firewall for internet access:

    Source interface: LAN
    Destination interface: Outside-facing interface
    Source address: LAN POOL NETWORK
    Destination address: ANY
    Services: ports allowed as per your requirements
    Action: ALLOWED
    Security profiles: ON

Then create an inbound policy on the firewall if you have an application hosted in your local LAN and want to access it from the internet.

Create a VIP object as a public IP mapping with object name "WEB SERVER" = public IP mapped to the private IP of the hosted application.

Inbound policy:

    Source interface: outside interface
    Destination interface: LAN
    Source address: any
    Destination address: WEB SERVER (as per the VIP created above)
    Services: as per application requirement, mostly "https"
    Security profiles: on
    Action: allowed

Create an implicit deny policy at the bottom. This policy is used to deny non-matching traffic and to monitor unwanted traffic on the firewall.

    Source interface: any
    Destination interface: ANY
    Source address: any
    Destination address: any
    Services/ports: any
    Action: deny
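The VIP and the three policies described above, written out as FortiOS CLI. This is an added illustration and not part of the original answer. The interface names `vlan10` and `wan1`, the 192.0.2.x / 10.10.10.x addresses, the policy IDs and the chosen profiles are constructed assumptions, and the VLAN subinterface and the "LAN POOL NETWORK" address object are assumed to exist already.

```fortios
# Added example; all names and addresses are constructed placeholders.
config firewall vip
    edit "WEB SERVER"
        set extintf "wan1"
        set extip 192.0.2.10
        set mappedip "10.10.10.50"
    next
end
config firewall policy
    # Outbound: LAN to internet, source NAT, security profile on
    edit 1
        set srcintf "vlan10"
        set dstintf "wan1"
        set srcaddr "LAN POOL NETWORK"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "DNS" "HTTP" "HTTPS"
        set nat enable
        set utm-status enable
        set av-profile "default"
    next
    # Inbound: internet to the VIP, HTTPS only, inspected and logged
    edit 2
        set srcintf "wan1"
        set dstintf "vlan10"
        set srcaddr "all"
        set dstaddr "WEB SERVER"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set utm-status enable
        set ips-sensor "default"
        set logtraffic all
    next
    # Bottom of the list: deny everything else and log it for monitoring
    edit 3
        set srcintf "any"
        set dstintf "any"
        set srcaddr "all"
        set dstaddr "all"
        set action deny
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
```

Policies are matched top-down in list order, so the deny entry has to stay last; `set logtraffic all` on it is what makes the dropped traffic visible in the logs.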

added 1706 characters in body
Sagar Uragonda

Please refer to the link for configuration of subinterfaces, or router-on-a-stick configuration, on a FortiGate firewall:

https://youtu.be/bIeQyQKptRc

If you're using a FortiGate firewall as the core or perimeter device and a Cisco SG300 as the distribution switch in your setup, then you can accomplish this task by creating subinterfaces on the FortiGate firewall.

Configure the SG300 switch to the FortiGate firewall with a trunk link allowing all VLANs.

Then configure the ISP's public IP on the outside interface of the FortiGate, and configure a default route on the FortiGate firewall pointing towards the ISP gateway.

Now, on the SG300 switch, create all the VLANs that were created as FortiGate subinterfaces. Then create access ports on the SG300 switch for desktop and server connectivity.

After that, create an outbound policy on the perimeter firewall for internet access:

    Source interface: LAN
    Destination interface: Outside-facing interface
    Source address: LAN POOL NETWORK
    Destination address: ANY
    Services: ports allowed as per your requirements
    Action: ALLOWED
    Security profiles: ON

Then create an inbound policy on the firewall if you have an application hosted in your local LAN and want to access it from the internet.

Create a VIP object as a public IP mapping with object name "WEB SERVER" = public IP mapped to the private IP of the hosted application.

Inbound policy:

    Source interface: outside interface
    Destination interface: LAN
    Source address: any
    Destination address: WEB SERVER (as per the VIP created above)
    Services: as per application requirement, mostly "https"
    Security profiles: on
    Action: allowed

Create an implicit deny policy at the bottom. This policy is used to deny non-matching traffic and to monitor unwanted traffic on the firewall.

    Source interface: any
    Destination interface: ANY
    Source address: any
    Destination address: any
    Services/ports: any
    Action: deny

Post Made Community Wiki
Sagar Uragonda

Please refer to the link for configuration of subinterfaces, or router-on-a-stick configuration, on a FortiGate firewall:

https://youtu.be/bIeQyQKptRc