ameif56hgt
New Member
May 2, 2025
Question

Best Way To Use Common Internet Policies For Multiple LANs


Maybe this is an easy one but I haven't figured it out. I have 4 LANs, one wired and three WiFi, one is a guest, and one is an IoT. They all need to access the internet, and I have 6 or 7 blocking rules that are repeated for each. I want to have these policies in one place that all internet access goes through. I use Central NAT.


So, I'm guessing I make a VLAN, and put the rules in there. Then just have each LAN exit to this VLAN, and have the VLAN exit to the WAN port. But in this VLAN, what do I do about IP addresses and what about Central NAT?  So LAN to VLAN to WAN.  Do I just NAT LAN to WAN, like normal, and the VLAN figures it out inside?  Anything I need to look out for?  Thanks.

1 reply

Demir25
New Member
May 2, 2025

Have you considered the usage of Zones? By adding the specific interfaces in a Zone you can then call the Zone instead of separate interfaces in a firewall policy and allow the traffic to the internet. This definitely increases policy management and reduces firewall policies.  More into Zones: https://docs.fortinet.com/document/fortigate/7.6.2/administration-guide/116821/zone

ameif56hgt
New Member
May 3, 2025

It looks helpful, but it also appears you can only put interfaces in a Zone if they are completely unused, which means losing several days work, so isn't going to happen.
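An added illustration (not from either poster) of the zone approach Demir25 suggests, with the Central NAT piece the question asks about. It assumes constructed interface names (`port2`, `wifi-main`, `wifi-guest`, `wifi-iot`, `wan1`) and a pre-existing address group `Blocked-Destinations` for the repeated block rules; as the follow-up notes, the interfaces must not be referenced by existing policies or addresses when they are added to the zone.

```fortios
# Group the four LAN-side interfaces into one zone. "intrazone deny" keeps
# guest, IoT and trusted LANs isolated from each other unless a policy allows it.
config system zone
    edit "LAN-ZONE"
        set interface "port2" "wifi-main" "wifi-guest" "wifi-iot"
        set intrazone deny
    next
end

# The 6 or 7 blocking rules are now written once, with the zone as source.
# Policies are matched top-down, so the deny rules sit above the allow rule.
config firewall policy
    edit 0
        set name "LAN-block-destinations"
        set srcintf "LAN-ZONE"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "Blocked-Destinations"   # assumed address group
        set action deny
        set schedule "always"
        set service "ALL"
        set logtraffic all                   # log what the consolidated rule drops
    next
    edit 0
        set name "LAN-to-Internet"
        set srcintf "LAN-ZONE"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end

# With Central NAT enabled, firewall policies carry no NAT setting; source NAT
# is defined here instead, and the zone can be used as the source interface.
config firewall central-snat-map
    edit 0
        set srcintf "LAN-ZONE"
        set dstintf "wan1"
        set orig-addr "all"
        set dst-addr "all"
        set nat enable                       # translate to the wan1 interface address
    next
end
```

No intermediate VLAN or extra addressing is needed: traffic still flows LAN to WAN, and the zone only changes how the policies and the SNAT map refer to the source interfaces.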