66 01-28006-0002-20041105 Fortinet Inc.
VLANs in NAT/Route mode System network
Figure 17: FortiGate unit in NAT/Route mode
Adding VLAN subinterfaces
The VLAN ID of each VLAN subinterface must match the VLAN ID added by the IEEE
802.1Q-compliant router. The VLAN ID can be any number between 1 and 4096.
Each VLAN subinterface must also be configured with its own IP address and
netmask.
You add VLAN subinterfaces to the physical interface that receives VLAN-tagged
packets.
To add a VLAN subinterface in NAT/Route mode
1 Go to System > Network > Interface.
2 Select Create New to add a VLAN subinterface.
3 Enter a Name to identify the VLAN subinterface.
4 Select the physical interface that receives the VLAN packets intended for this VLAN
subinterface.
5 Enter the VLAN ID that matches the VLAN ID of the packets to be received by this
VLAN subinterface.
6 Select the virtual domain to which to add this VLAN subinterface.
See “System virtual domain” on page 131 for information about virtual domains.
7 Select the name of a zone if you want this VLAN subinterface to belong to a zone.
You can only select a zone that has been added to the virtual domain selected in the
previous step. See “Zone” on page 53 for information about zones.
8 Configure the VLAN subinterface settings as you would for any FortiGate interface.
See “Interface settings” on page 44.
9 Select OK to save your changes.
The FortiGate unit adds the new VLAN subinterface to the interface that you selected
in step 4.
[Figure 17 diagram labels: Internet; FortiGate unit (External 172.16.21.2, Internal 192.168.110.126); 802.1Q Trunk; VLAN switch (Fa0/3, Fa0/9, Fa0/24); VLAN 100 network 10.1.1.0 (10.1.1.2); VLAN 200 network 10.1.2.0 (10.1.2.2)]
Note: A VLAN must not have the same name as a virtual domain or zone.
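The constraints in this section (the VLAN ID range, an IP address and netmask for each subinterface, a zone that belongs to the selected virtual domain, and no name shared with a virtual domain or zone) can be checked against a planned configuration before it is entered. The following Python check is an added example, not Fortinet code; the plan format, the sample names and addresses, the per-interface uniqueness check and the 802.1Q reserved-value warning are assumptions that do not come from this page.

```python
import ipaddress

GUIDE_IDS = range(1, 4097)  # range this guide states for a VLAN ID
WIRE_IDS = range(1, 4095)   # 802.1Q: 12-bit ID field, 0 and 4095 reserved

def check_vlan_plan(subinterfaces, vdom_zones):
    """Return (errors, warnings) for planned VLAN subinterfaces.
    vdom_zones maps each virtual domain name to the zone names added to it."""
    errors, warnings, seen = [], [], set()
    taken = set(vdom_zones) | {z for zones in vdom_zones.values() for z in zones}
    for s in subinterfaces:
        name, vid, ip = s["name"], s["vlanid"], s.get("ip") or ""
        if name in taken:  # Note: no name shared with a virtual domain or zone
            errors.append(f"{name}: name already used by a virtual domain or zone")
        if vid not in GUIDE_IDS:
            errors.append(f"{name}: VLAN ID {vid} is outside 1-4096")
        elif vid not in WIRE_IDS:
            warnings.append(f"{name}: VLAN ID {vid} is reserved or out of range in an 802.1Q tag")
        if s["vdom"] not in vdom_zones:
            errors.append(f"{name}: unknown virtual domain {s['vdom']}")
        elif s.get("zone") and s["zone"] not in vdom_zones[s["vdom"]]:
            errors.append(f"{name}: zone {s['zone']} is not in virtual domain {s['vdom']}")
        try:  # each subinterface needs its own IP address and netmask
            if "/" not in ip:
                raise ValueError("no netmask")
            ipaddress.ip_interface(ip)
        except ValueError:
            errors.append(f"{name}: missing or invalid IP address/netmask")
        # Assumption (not stated on this page): one subinterface per
        # (physical interface, VLAN ID), so a tagged frame maps to one of them.
        if (s["interface"], vid) in seen:
            errors.append(f"{name}: VLAN ID {vid} already planned on {s['interface']}")
        seen.add((s["interface"], vid))
    return errors, warnings

# Constructed sample plan; names, zones and addresses are illustrative.
VDOM_ZONES = {"root": {"dmz_zone"}, "branch": set()}
PLAN = [
    {"name": "vlan_100", "interface": "internal", "vlanid": 100,
     "vdom": "root", "zone": "dmz_zone", "ip": "10.1.1.1/255.255.255.0"},
    {"name": "branch", "interface": "internal", "vlanid": 200,
     "vdom": "branch", "zone": "dmz_zone", "ip": "10.1.2.1"},
    {"name": "vlan_4095", "interface": "internal", "vlanid": 4095,
     "vdom": "root", "zone": None, "ip": "10.1.3.1/24"},
]

if __name__ == "__main__":
    errs, warns = check_vlan_plan(PLAN, VDOM_ZONES)
    print("\n".join(["ERROR " + e for e in errs] + ["WARN  " + w for w in warns]))
```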