Going to implement new Infrastructure in HQ Office with 1 firewall, 1 L3 Switch, 5 L2 Switch, 2 Managed WIFI AP and 1 Server [closed]

Solution 1:

There is way too little information provided to give you proper answers to your questions. But I will at least try to steer you in the right direction:

You need to draw a detailed map of the network topology you want to build. Then you need to estimate how many users you have on each location and how much bandwidth they will consume. What kind of connections will you have between the branch offices and HQ? Will you need a firewall on each location, or will an L3 router or similar be sufficient? Those kinds of things.

When you have a good understanding of your network environment, you can start answering your own questions:

  1. Check if the Fortigate 400E will be able to handle your bandwidth estimations. Remember that if you enable next-gen security features, the max throughput will decrease significantly. The datasheet for your firewall can be found here: https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiGate_400E.pdf

  2. The "class of ip-addresses" for your environment will depend on how many users there are on each location, and how you designed your network. Use RFC1918 ip-addresses, and be generous with the addresses. If a branch office has 50 employees, feel free to implement a /24 subnet with 255 ip-addresses.

  3. Your AD & DHCP server could well be able to serve the entire company. You seem to have a limited amount of equipment, and no redundancy for central components. If you really want to design this environment with a single central firewall, you might as well use one server for AD & DHCP as well. But please, please make sure to take regular backups of all components, and store at least some of the backups on an off-site location.
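The addressing advice in point 2 (RFC1918 space, one generous subnet per location sized from headcount) is easy to turn into a small planning script. The following is an added example, not code from the answer above or from the original question; the site names, headcounts, the `10.10.0.0/16` supernet and the 2x growth factor are all constructed assumptions. It sizes each site's subnet to at least a /24, grows it when the headcount (with headroom) would not fit, carves the subnets out of the supernet largest-first so they stay aligned, and sets aside the low addresses of each block for the gateway and switch management before proposing a DHCP pool.

```python
import ipaddress

# Constructed example headcounts per site (assumption, not from the question).
SITES = {"HQ": 180, "Branch-North": 50, "Branch-South": 35}

# The three RFC1918 private ranges.
RFC1918_BLOCKS = [
    ipaddress.ip_network(b) for b in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

# Addresses reserved at the start of each subnet for gateway/switch/AP management
# (assumption: 20 is plenty for the equipment count in the question).
INFRA_RESERVED = 20


def is_rfc1918(net):
    """True if the network lies entirely inside one of the RFC1918 ranges."""
    net = ipaddress.ip_network(net)
    return any(net.subnet_of(block) for block in RFC1918_BLOCKS)


def prefix_for(hosts_needed):
    """Smallest subnet (largest prefix length) that fits hosts_needed usable hosts,
    never smaller than a /24. A /N has 2**(32-N) - 2 usable host addresses."""
    prefix = 24
    while (2 ** (32 - prefix) - 2) < hosts_needed:
        prefix -= 1
        if prefix < 8:
            raise ValueError("no single subnet can hold %d hosts" % hosts_needed)
    return prefix


def plan_subnets(sites, supernet="10.10.0.0/16", growth=2.0):
    """Allocate one private subnet per site from supernet.

    Each site is sized for headcount * growth usable hosts plus the infrastructure
    reservation. Blocks are handed out largest-first so every block starts on its
    own natural boundary. Returns {site: {"network", "usable_hosts", "gateway",
    "dhcp_range"}}; raises ValueError if the supernet is not RFC1918 or runs out.
    """
    super_net = ipaddress.ip_network(supernet)
    if not is_rfc1918(super_net):
        raise ValueError("supernet %s is not RFC1918 private space" % super_net)

    # Decide the prefix per site first, then sort so big blocks are carved first.
    sized = {}
    for name, headcount in sites.items():
        needed = int(headcount * growth) + INFRA_RESERVED
        sized[name] = prefix_for(needed)
    order = sorted(sized, key=lambda n: (sized[n], n))

    plan = {}
    cursor = int(super_net.network_address)
    for name in order:
        prefix = sized[name]
        net = ipaddress.IPv4Network((cursor, prefix))
        if not net.subnet_of(super_net):
            raise ValueError("supernet %s exhausted while placing %s" % (super_net, name))
        hosts = list(net.hosts())
        plan[name] = {
            "network": net,
            "usable_hosts": len(hosts),
            # First usable address is the L3 switch/firewall gateway.
            "gateway": hosts[0],
            # DHCP pool starts after the reserved infrastructure block and runs to the last host.
            "dhcp_range": (hosts[INFRA_RESERVED], hosts[-1]),
        }
        cursor += net.num_addresses
    return plan


if __name__ == "__main__":
    for site, info in plan_subnets(SITES).items():
        lo, hi = info["dhcp_range"]
        print("%-13s %-16s usable=%-4d gw=%-12s dhcp=%s-%s"
              % (site, info["network"], info["usable_hosts"], info["gateway"], lo, hi))
```

With the constructed headcounts, HQ needs 360 + 20 addresses and therefore gets a /23, while both branches fit comfortably in a /24 each; if you later add a site that cannot fit in the remaining supernet the function raises instead of silently overlapping an existing block, which is the failure you want to catch at planning time rather than on the switch.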