
Re: Aruba 2930f with Fortigate

 
ilarena
Occasional Collector

Aruba 2930f with Fortigate

Hi,

I have a legacy Aruba 2930F with several VLANs and routing. As the ACLs get more and more complicated, we decided to buy a Fortigate and use it for routing and to set up ACLs between VLANs.

I'd like to introduce as few changes as possible: keep the same gateway address for every VLAN, move these gateway IPs to the Fortigate, remove routing from the switch, and use the Fortigate for routing instead.

Does this make sense to you? Any tips? I'm pretty new to the Aruba side, but strong on the Fortigate side.

Thanks for your help,

Iñaki

 

4 REPLIES 4
ilarena
Occasional Collector

Re: Aruba 2930f with Fortigate

; Switch running-config as pasted into the thread (the paste lost its leading
; indentation). The ';' lines are review comments only; every configuration
; line below is unchanged.
;
; VSF stack of two JL253A members, each with two stacking links defined.
vsf
enable domain 1
member 1
type "JL253A" mac-address 3821c7-295180
priority 128
link 1 1/25-1/26
link 1 name "I-Link1_1"
link 2 name "I-Link1_2"
exit
member 2
type "JL253A" mac-address 3821c7-29a100
priority 128
link 1 2/25-2/26
link 1 name "I-Link2_1"
link 2 name "I-Link2_2"
exit
port-speed 10g
exit
console idle-timeout 3600
trunk 2/1 trk1 trunk
timesync ntp
ntp unicast
; NOTE(review): one NTP server, and no NTP authentication lines are visible in this paste.
ntp server 147.156.7.50
ntp enable
time timezone 60
; NOTE(review): whether the web UI is served over TLS is not visible here
; (no `web-management ssl` line in the paste) - confirm on the device.
web-management idle-timeout 6000
; acl20 - bound inbound to VLAN 20 (OFICINA) further down.
; Source 192.168.21.1 with wildcard 0.0.1.255 covers 192.168.20.0-192.168.21.255;
; the destination is 192.168.40.0/24 (VLAN 40, BACKUP).
; Entry 5 permits TCP marked `established` toward that subnet, entry 15 denies
; all other IP to it, and entry 100 permits everything else.
; NOTE(review): `established` in a switch ACL is presumably a stateless match on
; TCP flags rather than connection tracking - confirm in the ACL guide. A
; stateful firewall policy is not a line-for-line translation of this rule.
ip access-list extended "acl20"
5 permit tcp 192.168.21.1 0.0.1.255 192.168.40.1 0.0.0.255 established
15 deny ip 192.168.21.1 0.0.1.255 192.168.40.1 0.0.0.255
100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
; acl30 - bound inbound to VLAN 30 (PLANTA) further down.
; Entries 3-12 let the single host 192.168.30.105 send UDP and ICMP to
; 192.168.1.15 and 192.168.1.16. The UDP entries carry no port qualifier, so
; every UDP port is allowed between those hosts. The trailing 0 on the ICMP
; entries is presumably the ICMP type - confirm.
; Entries 50-80 deny the rest of 192.168.30.0/24 toward 192.168.1.0/24,
; 192.168.20.0-192.168.21.255, 192.168.40.0/24 and 10.5.50.0/24; entry 100
; permits everything else.
ip access-list extended "acl30"
3 permit udp 192.168.30.105 0.0.0.0 192.168.1.15 0.0.0.0
4 permit udp 192.168.30.105 0.0.0.0 192.168.1.16 0.0.0.0
11 permit icmp 192.168.30.105 0.0.0.0 192.168.1.15 0.0.0.0 0
12 permit icmp 192.168.30.105 0.0.0.0 192.168.1.16 0.0.0.0 0
50 deny ip 192.168.30.1 0.0.0.255 192.168.1.1 0.0.0.255
60 deny ip 192.168.30.1 0.0.0.255 192.168.20.1 0.0.1.255
70 deny ip 192.168.30.1 0.0.0.255 192.168.40.1 0.0.0.255
80 deny ip 192.168.30.1 0.0.0.255 10.5.50.1 0.0.0.255
100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
; acl50 - bound inbound to VLAN 50 (INVITADOS, guests) further down.
; Denies 10.5.50.0/24 toward the four internal subnets, then permits everything else.
; NOTE(review): no entry covers the switch's own guest-side address 10.5.50.1,
; and no `ip authorized-managers` lines are visible in this paste, so check
; whether the switch's management services are reachable from the guest VLAN.
ip access-list extended "acl50"
20 deny ip 10.5.50.1 0.0.0.255 192.168.1.1 0.0.0.255
30 deny ip 10.5.50.1 0.0.0.255 192.168.21.1 0.0.1.255
40 deny ip 10.5.50.1 0.0.0.255 192.168.40.1 0.0.0.255
50 deny ip 10.5.50.1 0.0.0.255 192.168.30.1 0.0.0.255
100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
; NOTE(review): with `ip routing` enabled below, the static default route is
; presumably the one in effect and `ip default-gateway` is ignored - confirm.
ip default-gateway 192.168.1.254
ip timep manual 192.168.1.109
ip route 0.0.0.0 0.0.0.0 192.168.1.254
; The switch routes between VLANs. The per-VLAN `ip address`, `ip access-group`
; and `ip helper-address` lines further down all sit on these routed VLAN
; interfaces, so filtering and DHCP relay go with the gateway addresses.
ip routing
interface 1/3
name "vnic1 ESXI01"
exit
interface 1/23
lacp key 10
lacp active
exit
interface 1/24
lacp active
exit
interface 1/28
name "vnic3 ESX01"
exit
interface 2/23
lacp key 10
lacp passive
exit
interface 2/24
lacp active
exit
; NOTE(review): "public" is the well-known default community string, and
; `unrestricted` presumably grants write access as well as read - confirm
; against the firmware documentation. No SNMP source restriction is visible in
; this paste. A non-default read-only community or SNMPv3 is the safer setting.
snmp-server community "public" unrestricted
; VLAN 1 has no `ip access-group`, so traffic routed from 192.168.1.0/24 is not
; filtered by any ACL in this paste.
; NOTE(review): every ACL shown here is IPv4 (`ip access-list`). VLANs 1, 20
; and 30 also have IPv6 enabled, which those ACLs do not cover.
vlan 1
name "DEFAULT_VLAN"
no untagged 1/2,1/6-1/7,1/13,1/20,1/27,2/2,2/7,2/9,2/11,2/15-2/20
untagged 1/1,1/3-1/5,1/8-1/12,1/14-1/19,1/21-1/24,1/28,2/3-2/6,2/8,2/10,2/12-2/14,2/21-2/24,2/27-2/28,Trk1
ip address 192.168.1.1 255.255.255.0
ip helper-address 192.168.1.109
ipv6 enable
ipv6 address autoconfig
exit
; VLAN 20: 192.168.20.0/23 (mask 255.255.254.0), filtered inbound by acl20.
vlan 20
name "OFICINA"
untagged 1/2,1/6,1/20,2/2,2/11,2/15-2/20
tagged 1/1,1/3-1/4,1/8,1/13-1/16,1/23-1/24,1/28,2/3-2/4,2/8,2/23-2/24,2/27-2/28,Trk1
ip access-group "acl20" in
ip address 192.168.21.1 255.255.254.0
ip helper-address 192.168.1.109
ipv6 enable
ipv6 address autoconfig
exit
; VLAN 30: 192.168.30.0/24, filtered inbound by acl30.
vlan 30
name "PLANTA"
untagged 1/7,1/13,2/7,2/9
tagged 1/1,1/3-1/4,1/8,1/15,1/23,1/28,2/3-2/4,2/8,2/23-2/24,2/27-2/28,Trk1
ip access-group "acl30" in
ip address 192.168.30.1 255.255.255.0
ip helper-address 192.168.1.109
ipv6 enable
ipv6 address autoconfig
exit
; VLAN 40 (BACKUP) carries no ACL of its own. Access to it is limited only by
; the ACLs on the source VLANs (acl20, acl30, acl50). VLAN 1 has none, so
; 192.168.1.0/24 reaches this subnet unfiltered.
vlan 40
name "BACKUP"
untagged 1/27
tagged 1/1,1/3-1/4,1/15,1/23,1/28,2/3-2/4,2/23,2/27-2/28,Trk1
ip address 192.168.40.1 255.255.255.0
ip helper-address 192.168.1.109
exit
; VLAN 50 (guests): 10.5.50.0/24, filtered inbound by acl50. DHCP is served by
; the switch itself (see the INVITADOS pool below) rather than relayed.
vlan 50
name "INVITADOS"
tagged 1/1,1/8,1/13-1/16,1/23-1/24,2/8,2/23-2/24,2/27-2/28,Trk1
ip access-group "acl50" in
ip address 10.5.50.1 255.255.255.0
dhcp-server
exit
spanning-tree Trk1 priority 4
no tftp server
no autorun
no dhcp config-file-update
no dhcp image-file-update
; Guest DHCP pool. It hands out the switch's VLAN 50 address as default router
; and external resolvers as DNS.
dhcp-server pool "INVITADOS"
default-router "10.5.50.1"
dns-server "8.8.8.8,8.8.4.4"
network 10.5.50.0 255.255.255.0
range 10.5.50.10 10.5.50.250
exit
dhcp-server enable
; NOTE(review): presumably indicates that a manager password is set; the
; credential itself does not appear in the paste.
password manager

akg7
HPE Pro

Re: Aruba 2930f with Fortigate

Hello,

What exactly are you changing in the config?

Only the gateway, or are you changing the rules as well?

Changes to the rules depend on the customer requirements.

Thanks!

Note: While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the company.
ilarena
Occasional Collector

Re: Aruba 2930f with Fortigate

I haven't changed anything yet. That is what I wanted to know.

akg7
HPE Pro

Re: Aruba 2930f with Fortigate

Hello,

 

This request needs the intervention of support.

 

We request you to log a case on HPE Support Center portal for further resolution using the link: https://support.hpe.com/hpesc/public/home/

 

Thanks!

Note: While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the company.