Question
Setting up VLAN on a single subnet
Could someone please check if the configuration settings are correct? I am trying to set up 2 VLANs on a client's network with a single subnet. They are using a Fortigate-80C as the DHCP server (192.168.1.1/255.255.255.0) and router to the internet. The 3Com 2226 switch has been set with 2 VLANs, with one same port tagged on each VLAN (to the Fortigate-80C) and the others untagged to the relevant VLANs. This is the client's network topo.
Configuring the FortiGate-80C unit done below. Start the FortiGate web-based manager to configure the FortiGate-80C unit.

Adding VLAN subinterfaces - web-based manager

1 Go to System > Network > Interface.
2 Select Create New.
3 Enter the following information for VLAN_10 and select OK:
    Name: VLAN_10
    Interface: internal
    VLAN ID: 10
    Addressing mode: Manual
    IP/Netmask: 0.0.0.0/0.0.0.0
    Administrative Access: HTTPS, PING, TELNET
    Configure other fields as required.
4 Select Create New.
5 Enter the following information for VLAN_20 and select OK:
    Name: VLAN_20
    Interface: internal
    VLAN ID: 20
    Addressing mode: Manual
    IP/Netmask: 0.0.0.0/0.0.0.0
    Administrative Access: HTTPS, PING, TELNET
    Configure other fields as required.

Adding the firewall addresses - web-based manager

You need to define the addresses of the VLAN subnets for use in firewall policies. The FortiGate unit provides one default address, "all", that you can use when a firewall policy applies to all addresses as a source or destination of a packet.

1 Go to Firewall > Address.
2 Select Create New.
3 Enter the following information and select OK:
    Address Name: VLAN_10_Net
    IP Range/Subnet: 192.168.1.0/255.255.255.0
4 Select Create New.
5 Enter the following information and select OK:
    Address Name: VLAN_20_Net
    IP Range/Subnet: 192.168.1.0/255.255.255.0

Adding the firewall policies - web-based manager

1 Go to Firewall > Policy.
2 Select Create New.
3 Enter the following information and select OK:
    Interface/Zone: Source: VLAN_10, Destination: VLAN_20
    Address Name: Source: VLAN_10_Net, Destination: VLAN_20_Net
    Schedule: Always
    Service: ANY
    Action: ACCEPT
    NAT: Select
    Configure other fields as required.
4 Select Create New.
5 Enter the following information and select OK:
    Interface/Zone: Source: VLAN_20, Destination: VLAN_10
    Address Name: Source: VLAN_20_Net, Destination: VLAN_10_Net
    Schedule: Always
    Service: ANY
    Action: ACCEPT
    NAT: Select
    Configure other fields as required.
6 Select Create New.
7 Enter the following information and select OK:
    Interface/Zone: Source: VLAN_10, Destination: external
    Address Name: Source: VLAN_10_Net, Destination: all
    Schedule: Always
    Service: ANY
    Action: ACCEPT
    NAT: Select
    Configure other fields as required.
8 Select Create New.
9 Enter the following information and select OK:
    Interface/Zone: Source: VLAN_20, Destination: external
    Address Name: Source: VLAN_20_Net, Destination: all
    Schedule: Always
    Service: ANY
    Action: ACCEPT
    NAT: Select
    Configure other fields as required.
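Added example, not part of the original post and not FortiGate code: the settings listed above, transcribed by hand into plain Python data and checked for the properties a reviewer would look at in a two-VLAN design (unaddressed subinterfaces, cleartext admin access, overlapping address objects, unrestricted inter-VLAN policies). The dictionary layout, the `review` function and the finding labels are assumptions made for this illustration.

```python
import ipaddress

# Constructed from the values in the post; the layout is hypothetical.
INTERFACES = {
    "VLAN_10": {"vlan_id": 10, "ip": "0.0.0.0/0.0.0.0",
                "access": ["HTTPS", "PING", "TELNET"]},
    "VLAN_20": {"vlan_id": 20, "ip": "0.0.0.0/0.0.0.0",
                "access": ["HTTPS", "PING", "TELNET"]},
}
ADDRESSES = {
    "VLAN_10_Net": "192.168.1.0/255.255.255.0",
    "VLAN_20_Net": "192.168.1.0/255.255.255.0",
}
POLICIES = [  # (source interface, destination interface, service, action)
    ("VLAN_10", "VLAN_20", "ANY", "ACCEPT"),
    ("VLAN_20", "VLAN_10", "ANY", "ACCEPT"),
    ("VLAN_10", "external", "ANY", "ACCEPT"),
    ("VLAN_20", "external", "ANY", "ACCEPT"),
]

def review(interfaces, addresses, policies):
    """Return (label, subject) findings for the transcribed settings."""
    findings = []
    for name, cfg in interfaces.items():
        # An interface left at 0.0.0.0 has no address hosts can use as a gateway.
        if ipaddress.ip_interface(cfg["ip"]).ip.is_unspecified:
            findings.append(("no-ip", name))
        # TELNET carries administrator credentials in cleartext.
        if "TELNET" in cfg["access"]:
            findings.append(("cleartext-admin", name))
    # Address objects meant for different VLANs should not cover the same range.
    nets = {n: ipaddress.ip_network(v, strict=False) for n, v in addresses.items()}
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(("overlap", f"{a}/{b}"))
    # ANY/ACCEPT between two VLANs removes the isolation the VLANs provide.
    vlans = set(interfaces)
    for src, dst, service, action in policies:
        if src in vlans and dst in vlans and service == "ANY" and action == "ACCEPT":
            findings.append(("open-inter-vlan", f"{src}->{dst}"))
    return findings

if __name__ == "__main__":
    for label, subject in review(INTERFACES, ADDRESSES, POLICIES):
        print(f"{label:16} {subject}")
```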