About Me

My photo
GTA, Ontario, Canada
Hold the Door!!! CCIE 25938: CCIE Routing & Switching, Security,Voice, and latest CCIE Datacenter. Python+SDN is on going

Saturday, May 28, 2016

A little experience with Fortigate firewall

Recently I am working on deploying Fortigate 3700D in our network. There are couple things just learned during the project.

1) 1G SFP in 10G port on Fortigate 3700D to build Port-channel with Cisco N5K. It must use 1000Auto on Fortigate side, otherwise port-channel won't come up. 

2) Trust subnet configured under admin account will impact data port Ping traffic as well (not only the admin login traffic). It will block Ping on the data port as well, even Ping is allowed, as long as the subnets are not in the Trust subnets range, ping will be dropped.

No comments:

Post a Comment