HPE Community
HPE Aruba Networking & ProVision-based
1833742 Members
2979 Online
110063 Solutions
New Discussion

integrate Fortigate with HP 5406zl layer 3 switch

 
m-hosni
Occasional Advisor

‎09-29-2014 04:47 AM

‎09-29-2014 04:47 AM

integrate Fortigate with HP 5406zl layer 3 switch

Hi,

 

i have a problem with hp procurve 5406zl with the fortigate 100-D firewall, the problem as states:

 

on the hp switch we have 13 vlans all have gateway 10.0.2.150 which is the TMG server which needs replacment .

 

the problem is that when the fortigate in intesrted on the core switch , the LAN routing is great working fine , now it wouldn't access the internet through out the lan despite it has the same IP address of the TMG server.

 

i have tried tagging and untagging but i don't understand how it works ?

 

any solution ar ideas any one can help with ?

 

thanks

 

  

0 Kudos
9 REPLIES 9
m-hosni
Occasional Advisor

‎09-29-2014 04:50 AM

‎09-29-2014 04:50 AM

Re: integrate Fortigate with HP 5406zl layer 3 switch

attached config

0 Kudos
Vince-Whirlwind
Honored Contributor

‎09-29-2014 06:46 PM

‎09-29-2014 06:46 PM

Re: integrate Fortigate with HP 5406zl layer 3 switch

You have your default route pointing at 10.0.2.150

10.0.2.0/24 is in VLAN2

You have VLAN2 untagged on switchport B9

B9 is the internal port for the module

 

The next thing I would check is whether you have configured the module IP interface correctly.

0 Kudos
Vince-Whirlwind
Honored Contributor

‎09-29-2014 06:46 PM

‎09-29-2014 06:46 PM

Re: integrate Fortigate with HP 5406zl layer 3 switch

You have your default route pointing at 10.0.2.150

10.0.2.0/24 is in VLAN2

You have VLAN2 untagged on switchport B9

B9 is the internal port for the module

 

The next thing I would check is whether you have configured the module IP interface correctly with 10.0.2.150/24.

0 Kudos
m-hosni
Occasional Advisor

‎09-29-2014 11:51 PM

‎09-29-2014 11:51 PM

Re: integrate Fortigate with HP 5406zl layer 3 switch

yes but what is the diffrence between tagged & untagged , this is confusing me.

 

also the fortigate has the same IP of the TMG , in theroy it should work

0 Kudos
Vince-Whirlwind
Honored Contributor

‎09-30-2014 02:09 AM

‎09-30-2014 02:09 AM

Re: integrate Fortigate with HP 5406zl layer 3 switch

Tagged/untagged are two different Ethernet frame formats.
As long as both devices are configured the same it will work.
The trick is when you are connecting two different vendors devices- different vendors often use different terminology.
In this case stick with untagged. No VLAN config. No 802.1q.
I think your switch config looks good so I think you should check the FW.
0 Kudos
m-hosni
Occasional Advisor

‎09-30-2014 05:34 AM

‎09-30-2014 05:34 AM

Re: integrate Fortigate with HP 5406zl layer 3 switch

ok i will stick with the untagged option , as for the FW i will make the vendor take a look in it .

 

anything happens i will keep you updated.

0 Kudos
m-hosni
Occasional Advisor

‎10-16-2014 03:50 AM

‎10-16-2014 03:50 AM

Re: integrate Fortigate with HP 5406zl layer 3 switch

hello again ,

 

the ISP now wants to create a new vlan inside the core switch inside and change the gateway ip's for the rest of the vlans , and the current situation now is the athe firewall is integrated inside the local network with all shares and web applications are operating normally , this dosen't make any sense as it is working normally but the internet is not accessable inside the network , my guess that the fortigate is having a problem with the configuration ?

 

any solution about this issue ?

0 Kudos
Vince-Whirlwind
Honored Contributor

‎10-16-2014 06:48 PM

‎10-16-2014 06:48 PM

Re: integrate Fortigate with HP 5406zl layer 3 switch

Could it be they want to configure a whole bunch of subinterfaces at their end? If they are doing this on the Fortinet this would be good to provide security . Otherwise it doesn't make much sense
0 Kudos
m-hosni
Occasional Advisor

‎10-19-2014 12:53 AM

‎10-19-2014 12:53 AM

Re: integrate Fortigate with HP 5406zl layer 3 switch

no they don't want to do it for security reasons , they want to do it to test the WAN connection ti inside lan as they say

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.