FG-61E, VLANs, Routing Beetwen VLANs

Forum|Forum|7 years ago
November 29, 2018
1 reply
2591 views

Hello.

I have FG-61E FW. On the internal interface:

1) ip address - 192.168.31.1 (it is a Gateway for that LAN)

2) Net mask - 255.255.255.0

I need to set up VLAN, for example, 32. I also have 2 HPE layer 3 switches - 32 VLAN, ip routing enabled.

I found that instruction: https://cookbook.fortinet.com/using-zones-to-simplify-firewall-policies-56/

Option Block intra-zone traffic is disabled, because i need vlan routing.

But, it does not work fully. These is ping on 32 VLAN on fortinet FW, but there is no ping to internal interface (how I understand - this interface refers to Vlan 1) on FW and there is no internet. I created Policy to VLAN 32 Zone, how in video shows.

Ok. I replace FG-61E to Cisco router. Configure Cisco - and its work fine. But, I need FG-61E.

What I must do to enable VLAN routing on FG-61E?

Thank you.

ede_pfau

SuperUser

A VLAN is a virtual interface in FortiOS. For any traffic from a VLAN to some other LAN segment, you need a policy.

Check that there is a policy for each direction you intend.

Next, why use a zone here at all? Why not just single (virtual) interfaces?

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded