Meraki with Fortinet
Hello
I have a Fortigate Firewall 200E with 6 Forti access points. My APs have a corporate SSID (10.0.0.x and access to corporate resources) and a guest SSID (10.0.1.x with no access to company resources). I did not set up VLANs on my firewall so I think they are separated because of policies but I'm not really sure how it works with Fortinet.
I now need to install Meraki switches (decision from corporate) and access points and use them together with my Fortinet. What is the best way to have my Meraki access points have a guest SSID that is separate from my corporate LAN and a corporate SSID that my users can access my company resources on?
Simply use VLANs to separate the specific networks, terminate them at your Fortigate and have a firewall ruleset in place.
Thanks but do you think I will need to create VLANs on my Fortinet firewall and switches as well?
@MattRedis wrote: Thanks but do you think I will need to create VLANs on my Fortinet firewall and switches as well?
What kind of Meraki switches are you getting? Do any of them have L3 capability?
If you'll have L3 from switches, you can terminate your VLANs on a core switch with SVIs, then set up a stubby transport subnet/VLAN combo between your Fortinet and the core switch. Then you don't have to worry about VLANs on the Fortinet at all.
Hi Nash
These are the access points and switches I am getting. Are they good enough?
Thanks
In your case I'd probably go with @CptnCrnch's solution.
Define subnets/VLANs on your FortiGate. Trunk them to the MS switches. Then have your MRs in bridge mode with a trunk to the MS switches, and configure the correct VLAN for each SSID.
This doc should help you:
https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/VLAN_Tagging_on_MR_Access_Points
The FortiGate will remain the router and default gateway for the network.
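
A FortiGate-side sketch of the setup described in this reply, added here as an example and not taken from any poster's configuration. It assumes VLAN IDs 10 (corporate) and 20 (guest), `port1` as the trunk to the MS switch and `wan1` as the internet uplink; only the 10.0.0.x and 10.0.1.x subnets come from the thread.

```fortios
# Added example. Assumed values: VLAN IDs 10/20, trunk on port1, uplink on wan1.
config system interface
    edit "corp"
        set vdom "root"
        set interface "port1"
        set type vlan
        set vlanid 10
        set ip 10.0.0.1 255.255.255.0
        set allowaccess ping
    next
    edit "guest"
        set vdom "root"
        set interface "port1"
        set type vlan
        set vlanid 20
        set ip 10.0.1.1 255.255.255.0
    next
end
config firewall policy
    edit 0
        set name "corp-to-internet"
        set srcintf "corp"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
    edit 0
        set name "guest-to-internet"
        set srcintf "guest"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
# No policy with srcintf "guest" and dstintf "corp" is defined, so the
# implicit deny at the end of the policy list blocks guest-to-corporate traffic.
```

On the Meraki side, the switch ports facing the FortiGate and the APs carry both VLANs as trunks, and each bridge-mode SSID is tagged with its VLAN ID as the linked document describes.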
@Nash Thank you so much for the information given. However, I am having the same network diagram but I have an L3 switch, 2 MS350 stacked. I have been able to create the SVIs on the switch but I am having issues getting internet to the SVIs.
Please any advice or document you can direct me to.
Thank you.
