How to set up your FortiWAN Configuring Network Interface (Network Setting)
Configurations for VLAN and Port Mapping
VLAN and Port Mapping
FortiWAN supports IEEE 802.1Q (also known as VLAN tagging), but it does not support Cisco's ISL. Before
deployment, it is better to map the ports, for example Port1 mapped to the WAN port. To better use FortiWAN with
a VLAN switch in the network, see the structure below:
As described, FortiWAN Port 1 is connected to the VLAN switch, and VLAN tagging is required in the network. Thus
administrators can map the tags in [Mapping] and configure tagging in [VLAN Tag]. See below:
• Tag 101 --- WAN
• Tag 102 --- WAN
• Tag 103 --- LAN
• Tag 104 --- DMZ
After this configuration, FortiWAN port1 will no longer accept untagged VLAN packets. Port1.101 and port1.102 on
the VLAN switch are directly connected with WAN links, while port1.103 is connected with PCs in the LAN and
port1.104 is connected with PCs in the DMZ. In this network, FortiWAN acts as a router. PCs in the DMZ can be
assigned public IP addresses, with their packets passing transparently through FortiWAN to the WAN. Apart from the
FortiWAN ports, it is necessary to configure the VLAN switch as well, such as the settings of tags and IP addresses.
Note: This field (VRID) is only available when VRRP mode is enabled in LAN Private Subnet settings. The VRID
indicates the virtual router identifier for every VR.
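The tag mapping above can be checked against frames captured on the trunk to port1. The following is an added example, not Fortinet code: it parses the 802.1Q tag of a raw Ethernet frame and reports whether the frame is untagged (which port1 no longer accepts), carries a tag outside the map, or belongs to a mapped zone. The function names, verdict labels and sample frames are constructed for illustration.

```python
import struct

# Tag-to-zone mapping taken from the example above (port1 sub-interfaces).
TAG_MAP = {101: "WAN", 102: "WAN", 103: "LAN", 104: "DMZ"}
TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag


def classify_frame(frame: bytes, tag_map=TAG_MAP):
    """Return (verdict, vlan_id, zone) for one raw Ethernet frame.

    verdict is "mapped" for a tag present in tag_map, "untagged" for a
    frame without an 802.1Q tag, "unmapped" for a tag missing from
    tag_map, and "malformed" for a frame too short to parse.
    """
    if len(frame) < 14:  # dst MAC (6) + src MAC (6) + EtherType (2)
        return ("malformed", None, None)
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return ("untagged", None, None)
    if len(frame) < 18:  # tag adds TPID (2) + TCI (2) before the EtherType
        return ("malformed", None, None)
    (tci,) = struct.unpack_from("!H", frame, 14)
    vlan_id = tci & 0x0FFF  # low 12 bits; upper bits are PCP (3) and DEI (1)
    zone = tag_map.get(vlan_id)
    if zone is None:
        return ("unmapped", vlan_id, None)
    return ("mapped", vlan_id, zone)


def build_frame(vlan_id=None, pcp=0):
    """Build a constructed sample frame: made-up MACs, IPv4 EtherType, zero payload."""
    macs = bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
    tag = b""
    if vlan_id is not None:
        tag = struct.pack("!HH", TPID_8021Q, (pcp << 13) | vlan_id)
    return macs + tag + struct.pack("!H", 0x0800) + b"\x00" * 46


if __name__ == "__main__":
    # Constructed samples: the four mapped tags, one unmapped tag, one untagged frame.
    for vid in (101, 102, 103, 104, 200, None):
        print(vid, classify_frame(build_frame(vid, pcp=5)))
```

Frames reported as "untagged" or "unmapped" on this trunk point to a mismatch between the VLAN switch configuration and the [Mapping] and [VLAN Tag] settings.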
Redundant LAN/DMZ Port and Aggregated LAN/DMZ Port
Why are a redundant LAN port and a redundant DMZ port necessary? Because without these two ports, when FortiWAN is
working in HA mode, a single point of failure can still occur over the links connecting LAN/DMZ and the LAN/DMZ
ports on FortiWAN. FortiWAN bridges the connections of the redundant LAN port and redundant DMZ port. It supports
the Spanning Tree algorithm and sets the highest value, 0xffff, as the bridge priority. The configurations thus manage to avoid
33 FortiWAN Handbook
Fortinet Technologies Inc.