Meraki with Fortinet

MattRedis
Here to help


Hello

I have a FortiGate Firewall 200E with 6 Forti access points. My APs have a corporate SSID (10.0.0.x and access to corporate resources) and a guest SSID (10.0.1.x with no access to company resources). I did not set up VLANs on my firewall, so I think they are separated because of policies, but I'm not really sure how it works with Fortinet.

I now need to install Meraki switches (decision from corporate) and access points and use them together with my Fortinet. What is the best way to have my Meraki access points have a guest SSID that is separate from my corporate LAN and a corporate SSID that my users can access my company resources on? 

CptnCrnch
Kind of a big deal

Simply use VLANs to separate the specific networks, terminate them at your Fortigate and have a firewall ruleset in place.

MattRedis
Here to help

Thanks, but do you think I will need to create VLANs on my Fortinet firewall and switches as well?

Nash
Kind of a big deal


@MattRedis wrote:

Thanks, but do you think I will need to create VLANs on my Fortinet firewall and switches as well?


What kind of Meraki switches are you getting? Do any of them have L3 capability?

If you'll have L3 from switches, you can terminate your VLANs on a core switch with SVIs, then set up a stubby transport subnet/VLAN combo between your Fortinet and the core switch. Then you don't have to worry about VLANs on the Fortinet at all.

MattRedis
Here to help

Hi Nash

These are the access points and switches I am getting. Are they good enough?

Cisco Meraki MR45 Cloud Managed Wireless
Meraki MS225-48LP L2 Stck Cld-Mngd 48x GigE 370W PoE Switch

Thanks

BrechtSchamp
Kind of a big deal

In your case I'd probably go with @CptnCrnch's solution.

Define subnets/VLANs on your FortiGate. Trunk them to the MS switches. Then have your MRs in bridge mode with a trunk to the MS switches, and configure the correct VLAN for each SSID.

This doc should help you:

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/VLAN_Tagging_on_MR_Access_Points

The FortiGate will remain the router and default gateway for the network.
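
The layout described in this thread (VLANs terminated on the FortiGate, trunked to the MS switches, one VLAN per bridge-mode SSID), sketched as FortiOS CLI. This is an added example, not configuration posted by anyone in the thread; the VLAN IDs, gateway addresses, /24 masks and interface names (port1, wan1) are assumptions.

```fortios
# Added example. Only the 10.0.0.x / 10.0.1.x ranges come from the thread;
# VLAN IDs 10/20, the .1 gateways, /24 masks and port1/wan1 are assumptions.
config system interface
    edit "corp_v10"
        set vdom "root"
        set interface "port1"
        set vlanid 10
        set ip 10.0.0.1 255.255.255.0
        set allowaccess ping
        set description "Corporate LAN/SSID, tagged on trunk to MS"
    next
    edit "guest_v20"
        set vdom "root"
        set interface "port1"
        set vlanid 20
        set ip 10.0.1.1 255.255.255.0
        # No allowaccess: guests get no management or ping access to the firewall.
        set description "Guest SSID, tagged on trunk to MS"
    next
end
config firewall policy
    edit 0
        set name "guest-to-internet"
        set srcintf "guest_v20"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
    # With no guest-to-corp accept policy the implicit deny already blocks this
    # path; the explicit rule only adds logging of attempts to cross segments.
    edit 0
        set name "guest-to-corp-deny"
        set srcintf "guest_v20"
        set dstintf "corp_v10"
        set srcaddr "all"
        set dstaddr "all"
        set action deny
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
```

The same VLAN IDs have to be allowed on the MS trunk ports facing the FortiGate and the MRs, and set as the VLAN tag on each bridge-mode SSID. DHCP for the two subnets is not shown.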

EX100
Just browsing

@Nash Thank you so much for the information given. However, I have the same network diagram, but I have an L3 switch, 2 MS350 stacked. I have been able to create the SVIs on the switch, but I am having issues getting internet to the SVIs.

Please share any advice or document you can direct me to.

Thank you.
