L2 communication spanning two firewalls


L1 Bithead

Hello,

I have the architecture outlined below, and communication needs to be established between the machines on the network 10.1.2.0/24 via FW1 (Palo Alto) and FW2 (FortiGate). Could you please offer a solution to accomplish this?



hamza_d_0-1714779769190.png

 

Thank you.

Accepted Solutions

Cyber Elite

On the Palo side you have the option of using a VWire (2 interfaces connected as a virtual wire), or setting 2 interfaces to Layer2 mode and putting them in the same VLAN.

In both cases, give each interface its own zone and then create 2 security rules:

zone a to zone b

zone b to zone a

and it will work like a charm.

On the Forti side you probably need black magic (sorry, you'll need to go ask Fortinet).

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
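
The virtual-wire option from the answer above, written out as PAN-OS set-format commands (an added example, not part of the original post). The interface names, the virtual-wire name and the zone names are hypothetical, a single-vsys firewall in configure mode is assumed, and scoping both rules to 10.1.2.0/24 is an assumption taken from the subnet in the question.

```text
# Lines starting with "#" are annotations, not CLI input.
# Hypothetical names: ethernet1/3, ethernet1/4, vw-fw2, zone-a, zone-b.

# 1. Put both interfaces in virtual-wire mode and pair them.
set network interface ethernet ethernet1/3 virtual-wire
set network interface ethernet ethernet1/4 virtual-wire
set network virtual-wire vw-fw2 interface1 ethernet1/3
set network virtual-wire vw-fw2 interface2 ethernet1/4

# 2. One zone per interface, so traffic between the two sides is
#    inter-zone and has to match a security rule.
set zone zone-a network virtual-wire ethernet1/3
set zone zone-b network virtual-wire ethernet1/4

# 3. One rule per direction, limited to the subnet from the question
#    (assumption: both sides of the wire sit in 10.1.2.0/24).
set rulebase security rules a-to-b from zone-a to zone-b source 10.1.2.0/24 destination 10.1.2.0/24 application any service any action allow
set rulebase security rules b-to-a from zone-b to zone-a source 10.1.2.0/24 destination 10.1.2.0/24 application any service any action allow

# 4. Activate the candidate configuration.
commit
```

With separate zones, traffic between the two sides is evaluated against the security policy, so the two rules can be tightened by application or service once the required flows are known.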

L3 Networker

This method is similar on the FortiGate. You can assign layer 2 VLANs to ports on the Forti.
