-2

I'm going to implement a network in the HQ office, which will also link with the branch offices. What IP address class is recommended in this scenario? I need some assistance to kick off on this. I have 1 unit of Fortigate 400E that will be set up in the HQ office, 1 unit of L3 switch, 5 units of L2 switch, 2 managed WiFi APs, 130 packs of newly implemented LAN points, and 1 server which will be running AD & DHCP. The concerns on my mind are as below:

  1. With this Fortigate 400E, could it be the centralized control for the upcoming branch offices' new network implementation?
  2. What class of IP address is perfect for this setup?
  3. Can the AD & DHCP server be centralized for all the upcoming branch offices' new network/client implementation, including the HQ office?

1 Answer

1

There is way too little information provided to give you proper answers to your questions. But I will at least try to steer you in the right direction:

You need to draw a detailed map of the network topology you want to build. Then you need to estimate how many users you have at each location and how much bandwidth they will consume. What kind of connections will you have between the branch offices and HQ? Will you need a firewall at each location, or will an L3 router or similar be sufficient? Those kinds of things.

When you have a good understanding of your network environment, you can start answering your own questions:

  1. Check if the Fortigate 400E will be able to handle your bandwidth estimations. Remember that if you enable next-gen security features, the max throughput will decrease significantly. The datasheet for your firewall can be found here: https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiGate_400E.pdf

  2. The "class of IP addresses" for your environment will depend on how many users there are at each location, and how you designed your network. Use RFC1918 IP addresses, and be generous with the addresses. If a branch office has 50 employees, feel free to implement a /24 subnet with 255 IP addresses.

  3. Your AD & DHCP server could well be able to serve the entire company. You seem to have a limited amount of equipment, and no redundancy for central components. If you really want to design this environment with a single central firewall, you might as well use one server for AD & DHCP as well. But please, please make sure to take regular backups of all components, and store at least some of the backups at an off-site location.

Sven
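The per-site RFC 1918 sizing suggested in point 2 of the answer can be worked out as an addressing plan. The following is an added example, not part of the original answer: the 130 HQ LAN points and the 50-user branch come from the thread, while the `10.20.0.0/16` parent block, the `branch-b` site, the 2x growth headroom and the /24 minimum are assumptions.

```python
import ipaddress
import math

# Constructed site list: "hq" and "branch-a" sizes come from the thread;
# "branch-b" and the parent block are assumptions for illustration.
SITES = {"hq": 130, "branch-a": 50, "branch-b": 20}
PARENT = ipaddress.ip_network("10.20.0.0/16")
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def prefix_for(hosts, headroom=2.0, min_prefix=24):
    """Prefix length that fits hosts * headroom, never smaller than /min_prefix."""
    needed = math.ceil(hosts * headroom) + 2      # + network and broadcast
    bits = (needed - 1).bit_length()              # host bits required
    return min(32 - bits, min_prefix)


def plan(sites, parent, headroom=2.0):
    """Allocate one aligned, non-overlapping subnet per site, largest first."""
    if not any(parent.subnet_of(r) for r in RFC1918):
        raise ValueError(f"{parent} is not RFC 1918 space")
    result, cursor = {}, int(parent.network_address)
    for name, hosts in sorted(sites.items(), key=lambda s: -s[1]):
        plen = prefix_for(hosts, headroom)
        size = 2 ** (32 - plen)
        cursor = (cursor + size - 1) // size * size   # align to subnet boundary
        net = ipaddress.ip_network((cursor, plen))
        if not net.subnet_of(parent):
            raise ValueError(f"{parent} exhausted at site {name}")
        result[name] = net
        cursor += size
    return result


if __name__ == "__main__":
    for site, net in plan(SITES, PARENT).items():
        print(f"{site:10} {net}  usable hosts: {net.num_addresses - 2}")
```

Keeping every site inside one parent block lets the branch ranges be summarised as a single route and a single address object on the central firewall.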