Skip to main content
3x-t
3x-t
Explorer
December 3, 2021
Question

BO and VLANs

  • December 3, 2021
  • 1 reply
  • 1676 views

Hello,

We have a couple of BO where security is very bad so we want to have separate VLAN just for each of these BOs. 

Our goal is to have one VLAN for each BO with one subnet on it for workstations. That VLAN needs only internet access. Now, besides this simple configuration, we would like to have access to each of these PCs from HQ workgroup VLAN for remote support.

In this case, do we need to:

- create VLAN on HQ and BO FGs?

- Make DHCP on VLAN at HQ or BO?

- If we have to create (and I think we have to) VLAN on HQ FG, do we create that VLAN on the same physical interface where we have other VLANs for HQ?

- Firewall policy on HQ or BO FGs?

 

Thank you in advance!

1 reply

Markus_M
Staff & Editor
Markus_M
Staff & Editor
December 4, 2021

Hi 3x-t,

 

you need only a VLAN on the branch office (with the proper subnet).

> you can create more than one per site, to segregate users/departments etc.

Then for each VLAN:

- DHCP service on BO FGT VLAN interface

- A policy from IPSec tunnel to VLAN (for remote support) and another the other way around (for BO users to access HQ resources)

- HQ FGT must have static routes to each VLAN subnet with the respective tunnel interface.

 

Best regards,

 

Markus

    Terms & ConditionsAccessibility statement