Hello, thank you so much for the reply and inputs! Sorry for the late reply, I am swamped at work at the moment lol. I also would like to give separate VLANs for each office; however, it might be a challenge to manage since there are lots of offices (about 17) with unequal numbers of devices (e.g. one office has as many as 12 but one office only has 4). If at the moment I at least divide it into two, say VLAN 10 for operations and VLAN 20 for admin/finance, but they will have the same ACL access to the internal servers, does that make a difference in terms of security if, say, VLAN 10 is hit with ransomware/malware?
As much as I want to separate the printers as well, I can't do it at the moment since the switches in each office are unmanaged ones lol. And thanks for sharing microsegmentation. Is that something applicable in our setup? I'd have to read more into that first.
Lastly, for the R&S side, I will leave the VLAN creation and routing to the L3 switch as you suggested. However, we don't have another DHCP server at the moment, so I take it that it is better to have the Fortinet Firewall do it at the moment rather than the L3? Although I may have to test and simulate it first in GNS3 since I am not sure how to configure those. Thank you so much!