Separate network prior to firewall installation

Willaem
06-17-2021, 04:11 AM #1

The issue involves separating two networks within Company A’s infrastructure while maintaining shared internet access. The current setup uses building #1 as the internet hub, with building #2 connected via fiber through switches and an ONT. To isolate the networks, bypassing the firewall entirely isn’t recommended. Instead, consider routing traffic through a dedicated device like an EdgeRouter to manage the connection between the ONT and the firewall. This approach keeps the existing hardware functional and simplifies configuration.

KyleAlan
06-17-2021, 12:36 PM #2

Which firewall type? Simply provide another subnet for your business, then stop all traffic to theirs. Usually only one gadget connects at once since it limits to one IPv4 address.

fukboi__
06-19-2021, 01:31 AM #3

It's a FortiGate 80E. Our current firewall settings would still impact us. We're unable to connect to the network in building #2, likely due to those rules. The ONT typically allows only one device at a time, but if it supports advanced features like a layer 3 switch or routing, we might be able to extend connectivity to separate groups.

PassTheBass
06-22-2021, 09:28 AM #4

Routes can be configured on the Fortinet to manage multiple subnets and regulate traffic between them. Placing an L3 switch prior to the Fortinet functions similarly to adding a router, allowing the Fortinet to handle these tasks efficiently.

meandmoreme
06-23-2021, 04:36 AM #5

XWeeezy
06-25-2021, 02:52 AM #6

It varies; if they’re just receiving one public IP, it’s likely set up by the firewall and you’re safe.

Ronoris
07-02-2021, 11:34 PM #7

If it's an FG 80e, I'll generate three VDOMs. One for the WAN, one for Corp1, and another for Corp2. The WAN VDOM will connect with Corp1 and Corp2 through internal links, managing WAN IP and NAT tasks. Tag the VLANs for each CORP1 and CORP2 instance via the L2 layer, showing per-port details as required for the office layout. The FortiGate will manage traffic between CORPX and the WAN, and control whether Corp1 and Corp2 can communicate or not.
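One way to sanity-check the outcome the replies above aim for (a separate subnet per company, traffic between them blocked, internet shared), as an added example that is not from any poster or from Fortinet. The zone names, subnets and rule table are constructed, and the model assumes top-down first-match evaluation with an implicit deny.

```python
import ipaddress

# Constructed addressing plan (assumed values, not from the thread).
ZONES = {
    "corp1": ipaddress.ip_network("10.10.0.0/16"),
    "corp2": ipaddress.ip_network("10.20.0.0/16"),
}
INTERNET_PROBE = "192.0.2.1"  # documentation address standing in for the internet

# Constructed policy table: (rule name, source zone, destination zone, action).
POLICY = [
    ("corp1-out", "corp1", "wan", "accept"),
    ("corp2-out", "corp2", "wan", "accept"),
    ("c1-to-c2", "corp1", "corp2", "deny"),
    ("c2-to-c1", "corp2", "corp1", "deny"),
]

def zone_of(addr, zones):
    """Map an address to its company zone; anything else counts as 'wan'."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in zones.items() if ip in net), "wan")

def decide(policy, src, dst, zones):
    """First matching rule wins; no match falls through to an implicit deny."""
    s, d = zone_of(src, zones), zone_of(dst, zones)
    for name, rule_src, rule_dst, action in policy:
        if rule_src in (s, "any") and rule_dst in (d, "any"):
            return action, name
    return "deny", "implicit"

def audit(policy, zones=ZONES):
    """Return findings that break 'isolated companies, shared internet'."""
    findings = []
    nets = list(zones.items())
    for i, (a, net_a) in enumerate(nets):
        for b, net_b in nets[i + 1:]:
            if net_a.overlaps(net_b):  # overlapping subnets cannot be told apart
                findings.append(f"{a} and {b} overlap")
    for a, net_a in nets:
        src = str(net_a[1])  # one probe host per zone; rules are zone-based
        action, rule = decide(policy, src, INTERNET_PROBE, zones)
        if action != "accept":
            findings.append(f"{a} has no internet path ({rule})")
        for b, net_b in nets:
            if a != b and decide(policy, src, str(net_b[1]), zones)[0] == "accept":
                findings.append(f"{a} can reach {b}")
    return findings
```

Calling `audit(POLICY)` returns an empty list for the constructed table; placing a broad accept rule above the deny rules makes it report that each company can reach the other.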

erin_33
07-03-2021, 03:52 AM #8

If the FortiGate remains unchanged, you must use multiple WAN IP addresses; otherwise your traffic will go through their firewall. If going through the firewall is acceptable, set up a new interface and associate it with Corp2. If that setup feels too distant, consider installing a firewall with double NAT, though this may cause problems later. Ultimately, significant adjustments on the firewall are necessary to meet your requirements.

ruralMCgaming
07-03-2021, 04:25 AM #9

I understood the setup mentioned earlier. It seems they arranged switches after the modem but before the firewall. They likely needed multiple public IPs to support different networks. This process is unfamiliar to me since I haven’t had to separate networks before. I’m unsure if placing my own firewall between the modem and theirs is necessary, especially if I can set up the firewall first and then direct traffic through the switch for specific areas like building #2.