System Network VLANs in Transparent mode
FortiGate Version 3.0 MR4 Administration Guide
01-30004-0203-20070102 99
4 Select the physical interface that receives the VLAN packets intended for this
VLAN subinterface.
5 Enter the VLAN ID that matches the VLAN ID of the packets to be received by this
VLAN subinterface.
6 If you are the super admin, select the virtual domain to add this VLAN
subinterface to. Otherwise, you can only create VLAN subinterfaces in your own
VDOM.
See “Using virtual domains” on page 61 for information about virtual domains.
7 Configure the VLAN subinterface settings as you would for any FortiGate
interface.
See “Interface settings” on page 72.
8 Select OK to save your changes.
The FortiGate unit adds the new VLAN subinterface to the interface that you
selected in step 4.
To add firewall policies for VLAN subinterfaces
Once you have added VLAN subinterfaces you can add firewall policies for
connections between VLAN subinterfaces or from a VLAN subinterface to a
physical interface.
1 Go to Firewall > Address.
2 Select Create New to add firewall addresses that match the source and
destination IP addresses of VLAN packets.
See “About firewall addresses” on page 235.
3 Go to Firewall > Policy.
4 Create or add firewall policies as required.
VLANs in Transparent mode
In Transparent mode, the FortiGate unit can apply firewall policies and services,
such as authentication, protection profiles, and other firewall features, to traffic on
an IEEE 802.1 VLAN trunk. You can insert the FortiGate unit operating in
Transparent mode into the trunk without making changes to your network. In a
typical configuration, the FortiGate internal interface accepts VLAN packets on a
VLAN trunk from a VLAN switch or router connected to internal VLANs. The
FortiGate external interface forwards tagged packets through the trunk to an
external VLAN switch or router which could be connected to the Internet. The
FortiGate unit can be configured to apply different policies for traffic on each
VLAN in the trunk.
For VLAN traffic to be able to pass between the FortiGate Internal and external
interface you would add a VLAN subinterface to the internal interface and another
VLAN subinterface to the external interface. If these VLAN subinterfaces have the
same VLAN IDs, the FortiGate unit applies firewall policies to the traffic on this
VLAN. If these VLAN subinterfaces have different VLAN IDs, or if you add more
than two VLAN subinterfaces, you can also use firewall policies to control
connections between VLANs.
To Next Page
Loading...
Need help?
General