Fortinet black logo

Design overview

7.2.0
Copy Link
Copy Doc ID d9be5b50-3b55-11ed-9d74-fa163e15d75b:823484
Download PDF

Design overview

Use case and topology

The following figure shows the topology:

  • The focus is on getting the basic network up and running, leaving details for later.
  • The ISP access router/modem has been deployed.

    • It will serve as a DHCP address to your FortiGate WAN link.
    • The physical WAN connection is Ethernet.
  • The deployment will consist of the following:

    • 1 FortiGate device
    • 1 FortiSwitch unit
    • One or more FortiAP units
    • All necessary Ethernet cabling is available or already deployed/patched.
  • A laptop or other management station with an Ethernet port is available.

Design concept and considerations

The topology presented in this deployment guide is a baseline network to deploy a secure LAN edge as quickly as possible. The solution can be scaled out to accommodate more users on a site by adding additional FortiSwitch units, FortiAP units, and using a higher model FortiGate device. Redundancy can be improved by adding an additional FortiGate device into an HA cluster, provisioning a full-mesh switch network, and using aggregate links for connections.

SD-WAN can also be configured in this setup to provide redundancy and intelligent traffic steering over multiple underlays. Finally, in multi-site deployments, the sites can be standardized into SD-branches and quickly provisioned with a FortiManager unit and other orchestration tools.

In summary, the basic design in this deployment guide offers many possibilities to extend, optimize, and scale your solution. Once you have understood the steps and concepts in this guide, also consider other guides listed in Appendix B: Documentation references for further reading.

Design overview

Use case and topology

The following figure shows the topology:

  • The focus is on getting the basic network up and running, leaving details for later.
  • The ISP access router/modem has been deployed.

    • It will serve as a DHCP address to your FortiGate WAN link.
    • The physical WAN connection is Ethernet.
  • The deployment will consist of the following:

    • 1 FortiGate device
    • 1 FortiSwitch unit
    • One or more FortiAP units
    • All necessary Ethernet cabling is available or already deployed/patched.
  • A laptop or other management station with an Ethernet port is available.

Design concept and considerations

The topology presented in this deployment guide is a baseline network to deploy a secure LAN edge as quickly as possible. The solution can be scaled out to accommodate more users on a site by adding additional FortiSwitch units, FortiAP units, and using a higher model FortiGate device. Redundancy can be improved by adding an additional FortiGate device into an HA cluster, provisioning a full-mesh switch network, and using aggregate links for connections.

SD-WAN can also be configured in this setup to provide redundancy and intelligent traffic steering over multiple underlays. Finally, in multi-site deployments, the sites can be standardized into SD-branches and quickly provisioned with a FortiManager unit and other orchestration tools.

In summary, the basic design in this deployment guide offers many possibilities to extend, optimize, and scale your solution. Once you have understood the steps and concepts in this guide, also consider other guides listed in Appendix B: Documentation references for further reading.