Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Add MS Switch and MR AP with Fortinet as SDWAN Router Appliance

meraki-newbie
Here to help
‎Nov 5 2023 11:42 PM
‎Nov 5 2023 11:42 PM

Add MS Switch and MR AP with Fortinet as SDWAN Router Appliance

Dear All,

 

We want to deploy 

 

MR 46 AP > MS 350 ACCESS SWITCH > MS 410 CORE SWITCH > SDWAN Router Fortinet 600E

 

There are several question, :

 

  1. What is the best possible, using MS 410 CORE or SDWAN Router Fortinet 600E as user+management gateway ?
  2. If we could implement this topology above, is that NAT will be performed at Fortinet level ? due to there are no MX SDWAN Appliance.. so all MS and MR switch management will be NAT at Fortinet ?

thank you

0 Kudos
Subscribe
3 Replies 3
Brash
Kind of a big deal
Kind of a big deal
‎Nov 6 2023 12:07 AM
‎Nov 6 2023 12:07 AM

It's difficult to comment directly on your design based only on a topology but I'll try to answer your questions.

1. You can use either the MS410 or the Forti as your vlan gateways. It really depends on how much inter-vlan traffic you have, and how much security you want to place between them.

Running all traffic through the Forti will provide better security options but may limit your inter-vlan throughput compared to the switch.

 

2. Yes, NAT for all network traffic would be performed on the Forti. The management network gateway for the MS350 and AP can be on the MS410 or the Forti (see above) but the management IP for the MS410 must have the gateway of the Forti.

 

Personally (assuming a small to medium sized office with SaaS workloads), I would probably use the Forti as the VLAN gateways for both data and MGMT traffic.

Subscribe
In response to Brash
meraki-newbie
Here to help
‎Nov 6 2023 12:49 AM
‎Nov 6 2023 12:49 AM

Alright that's very clear.

 

but for another question is, could we configure interface vlan and default route from the MS410 to Forti, using Local Status page ? due to our ISP installation is on going

0 Kudos
Subscribe
In response to meraki-newbie
Brash
Kind of a big deal
Kind of a big deal
‎Nov 6 2023 1:18 AM
‎Nov 6 2023 1:18 AM

You can only configure the MGMT IP address (or DHCP if preferred) and the MGMT vlan of the MS410 via the local status page.

Essentially the bare minimum to get it connected to the dashboard where it will pull all of the rest of the config.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.