cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Meraki with Fortinet

Highlighted
Here to help

Meraki with Fortinet

Hello

I have a Fortigate Firewall 200E with 6 Forti access points. My APs have a corporate SSID (10.0.0.x and access to corporate resources) and a guest SSID (10.0.1.x with no access to company resources). I did not setup VLANs on my firewall so I think they are separated because of policies but I'm not really sure how it works with with Fortinet.

I now need to install Meraki switches (decision from corporate) and access points and use them together with my Fortinet. What is the best way to have my Meraki access points have a guest SSID that is separate from my corporate LAN and a corporate SSID that my users can access my company resources on? 

5 REPLIES 5
Highlighted
Kind of a big deal

Re: Meraki with Fortinet

Simply use VLANs to separate the specific networks, terminate them at your Fortigate and have a firewall ruleset in place.

Highlighted
Here to help

Re: Meraki with Fortinet

Thanks but do you think I will need to create VLANs on my fortinet firewall and switches as well?

Highlighted
Kind of a big deal

Re: Meraki with Fortinet


@MattRedis wrote:

Thanks but do you think I will need to create VLANs on my fortinet firewall and switches as well?


What kind of Meraki switches are you getting? Do any of them have L3 capability?

 

If you'll have L3 from switches, you can terminate your vlans on a core switch with SVIs, then setup a stubby transport subnet/vlan combo between your Fortinet and the core switch. Then you don't have to worry about vlans on the Fortinet at all.

Highlighted
Here to help

Re: Meraki with Fortinet

Hi Nash

 

These are the access points and switches I am getting. Are they good enough?

 

Cisco Meraki MR45 Cloud Managed Wireless
 
Meraki MS225-48LP L2 Stck Cld-Mngd 48x
GigE 370W PoE Switch

 

Thanks

Highlighted
Kind of a big deal

Re: Meraki with Fortinet

In your case I'd probably go with @CptnCrnch 's solution.

 

Define subnets/VLANs on your FortiGate. Trunk them to the MS switches. Then have your MR's in bridge mode with a trunk to the MS switches, and configure the correct VLAN for each SSID.

 

This doc should help you:

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/VLAN_Tagging_on_MR_Access_Points

 

The FortiGate will remain the router and default gateway for the network.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.