05-04-2021 07:18 AM
Aruba 2930f with Fortigate
Hi,
I have a legacy Aruba 2930F with several VLANs and routing. As ACLs get more and more complicated, we decided to buy a Fortigate and use it for routing and to set up ACLs between VLANs.
I'd like to introduce as few changes as possible, leaving the same gateway for every VLAN, transferring these gateway IPs to the Fortigate, removing routing and using the Fortigate for this.
Does this make sense to you? Any tips? I'm pretty much a newbie on the Aruba side, but strong on the Fortigate side.
Thanks for your help,
Iñaki
05-04-2021 07:20 AM
Re: Aruba 2930f with Fortigate
vsf
enable domain 1
member 1
type "JL253A" mac-address 3821c7-295180
priority 128
link 1 1/25-1/26
link 1 name "I-Link1_1"
link 2 name "I-Link1_2"
exit
member 2
type "JL253A" mac-address 3821c7-29a100
priority 128
link 1 2/25-2/26
link 1 name "I-Link2_1"
link 2 name "I-Link2_2"
exit
port-speed 10g
exit
console idle-timeout 3600
trunk 2/1 trk1 trunk
timesync ntp
ntp unicast
ntp server 147.156.7.50
ntp enable
time timezone 60
web-management idle-timeout 6000
ip access-list extended "acl20"
5 permit tcp 192.168.21.1 0.0.1.255 192.168.40.1 0.0.0.255 established
15 deny ip 192.168.21.1 0.0.1.255 192.168.40.1 0.0.0.255
100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
ip access-list extended "acl30"
3 permit udp 192.168.30.105 0.0.0.0 192.168.1.15 0.0.0.0
4 permit udp 192.168.30.105 0.0.0.0 192.168.1.16 0.0.0.0
11 permit icmp 192.168.30.105 0.0.0.0 192.168.1.15 0.0.0.0 0
12 permit icmp 192.168.30.105 0.0.0.0 192.168.1.16 0.0.0.0 0
50 deny ip 192.168.30.1 0.0.0.255 192.168.1.1 0.0.0.255
60 deny ip 192.168.30.1 0.0.0.255 192.168.20.1 0.0.1.255
70 deny ip 192.168.30.1 0.0.0.255 192.168.40.1 0.0.0.255
80 deny ip 192.168.30.1 0.0.0.255 10.5.50.1 0.0.0.255
100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
ip access-list extended "acl50"
20 deny ip 10.5.50.1 0.0.0.255 192.168.1.1 0.0.0.255
30 deny ip 10.5.50.1 0.0.0.255 192.168.21.1 0.0.1.255
40 deny ip 10.5.50.1 0.0.0.255 192.168.40.1 0.0.0.255
50 deny ip 10.5.50.1 0.0.0.255 192.168.30.1 0.0.0.255
100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
ip default-gateway 192.168.1.254
ip timep manual 192.168.1.109
ip route 0.0.0.0 0.0.0.0 192.168.1.254
ip routing
interface 1/3
name "vnic1 ESXI01"
exit
interface 1/23
lacp key 10
lacp active
exit
interface 1/24
lacp active
exit
interface 1/28
name "vnic3 ESX01"
exit
interface 2/23
lacp key 10
lacp passive
exit
interface 2/24
lacp active
exit
snmp-server community "public" unrestricted
vlan 1
name "DEFAULT_VLAN"
no untagged 1/2,1/6-1/7,1/13,1/20,1/27,2/2,2/7,2/9,2/11,2/15-2/20
untagged 1/1,1/3-1/5,1/8-1/12,1/14-1/19,1/21-1/24,1/28,2/3-2/6,2/8,2/10,2/12-2/14,2/21-2/24,2/27-2/28,Trk1
ip address 192.168.1.1 255.255.255.0
ip helper-address 192.168.1.109
ipv6 enable
ipv6 address autoconfig
exit
vlan 20
name "OFICINA"
untagged 1/2,1/6,1/20,2/2,2/11,2/15-2/20
tagged 1/1,1/3-1/4,1/8,1/13-1/16,1/23-1/24,1/28,2/3-2/4,2/8,2/23-2/24,2/27-2/28,Trk1
ip access-group "acl20" in
ip address 192.168.21.1 255.255.254.0
ip helper-address 192.168.1.109
ipv6 enable
ipv6 address autoconfig
exit
vlan 30
name "PLANTA"
untagged 1/7,1/13,2/7,2/9
tagged 1/1,1/3-1/4,1/8,1/15,1/23,1/28,2/3-2/4,2/8,2/23-2/24,2/27-2/28,Trk1
ip access-group "acl30" in
ip address 192.168.30.1 255.255.255.0
ip helper-address 192.168.1.109
ipv6 enable
ipv6 address autoconfig
exit
vlan 40
name "BACKUP"
untagged 1/27
tagged 1/1,1/3-1/4,1/15,1/23,1/28,2/3-2/4,2/23,2/27-2/28,Trk1
ip address 192.168.40.1 255.255.255.0
ip helper-address 192.168.1.109
exit
vlan 50
name "INVITADOS"
tagged 1/1,1/8,1/13-1/16,1/23-1/24,2/8,2/23-2/24,2/27-2/28,Trk1
ip access-group "acl50" in
ip address 10.5.50.1 255.255.255.0
dhcp-server
exit
spanning-tree Trk1 priority 4
no tftp server
no autorun
no dhcp config-file-update
no dhcp image-file-update
dhcp-server pool "INVITADOS"
default-router "10.5.50.1"
dns-server "8.8.8.8,8.8.4.4"
network 10.5.50.0 255.255.255.0
range 10.5.50.10 10.5.50.250
exit
dhcp-server enable
password manager
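An added example, not part of the original posts: before moving the inter-VLAN rules to a firewall, the ACL entries in the posted config can be normalized from address/wildcard-mask pairs to CIDR networks, with the trailing "permit ip any any" flagged because it makes each ACL a deny-list. The conversion is done by hand because a wildcard of 0.0.0.0 (single host) or 255.255.255.255 (any) is also a valid netmask and would be read the wrong way round by a generic mask parser; the function names and rule fields are assumptions, and the sample lines are copied from the "acl20" and "acl30" blocks above.

```python
import ipaddress

# ACL entries copied from the "acl20" and "acl30" blocks of the posted config.
SAMPLE = '''\
ip access-list extended "acl20"
5 permit tcp 192.168.21.1 0.0.1.255 192.168.40.1 0.0.0.255 established
15 deny ip 192.168.21.1 0.0.1.255 192.168.40.1 0.0.0.255
100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
ip access-list extended "acl30"
11 permit icmp 192.168.30.105 0.0.0.0 192.168.1.15 0.0.0.0 0
60 deny ip 192.168.30.1 0.0.0.255 192.168.20.1 0.0.1.255
exit
'''

def wildcard_to_network(addr, wildcard):
    """Convert an address / wildcard-mask pair to an IPv4Network."""
    a = int(ipaddress.IPv4Address(addr))
    w = int(ipaddress.IPv4Address(wildcard))
    # Only contiguous wildcards (2**n - 1) map to a single CIDR prefix.
    if w & (w + 1):
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    return ipaddress.IPv4Network((a & ~w & 0xFFFFFFFF, 32 - w.bit_length()))

def parse_acls(text):
    """Return {acl_name: [rule dict, ...]} in sequence-number order."""
    acls, current = {}, None
    for line in text.splitlines():
        f = line.split()
        if f[:3] == ["ip", "access-list", "extended"]:
            current = acls.setdefault(f[3].strip('"'), [])
        elif f == ["exit"]:
            current = None
        elif current is not None and len(f) >= 7 and f[0].isdigit():
            src, dst = wildcard_to_network(f[3], f[4]), wildcard_to_network(f[5], f[6])
            current.append({
                "seq": int(f[0]), "action": f[1], "proto": f[2],
                "src": str(src), "dst": str(dst), "extra": " ".join(f[7:]),
                # A trailing "permit ip any any" turns the ACL into a deny-list.
                "catch_all": f[1] == "permit" and f[2] == "ip"
                             and src.prefixlen == 0 and dst.prefixlen == 0,
            })
    for rules in acls.values():
        rules.sort(key=lambda r: r["seq"])
    return acls

if __name__ == "__main__":
    for name, rules in parse_acls(SAMPLE).items():
        print(name, [(r["seq"], r["action"], r["src"], r["dst"]) for r in rules])
```
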
05-07-2021 08:33 AM
Re: Aruba 2930f with Fortigate
Hello,
What exactly changes in the config?
The gateway, or are you changing rules as well?
Changes to rules depend on the customer requirements.
Thanks!
05-10-2021 01:07 AM
Re: Aruba 2930f with Fortigate
I didn't change anything yet. That was what I wanted to know.
05-11-2021 11:54 PM
Re: Aruba 2930f with Fortigate
Hello,
This request needs the intervention of support.
We request you to log a case on the HPE Support Center portal for further resolution using the link: https://support.hpe.com/hpesc/public/home/
Thanks!