Transit vlan

Forum|Forum|7 years ago
April 23, 2019
1 reply
22991 views

Hello.

sorry for my bad english.

I have fortigate 200d and i need set up transit vlan

I move virtual server from my network to provider, and he can't give me l2 network, only trasnit l3

Now i need set up transit vlan where i route my vlan, and i don't understand how i must create it.

Cable from provider plug in physical interface on fortigate, i set ip of transit vlan on it and create vlan with tag.

see attach

transit.jpg

5.4

Best answer by sw2090

you have to have

- one vlan interface that has vid of the transit vlan and is usually bend to a physical interface. You already have that.

- a static route for the subnet you want to reach over the vlan ith your providers gateway as gateway.

- at least one policy to allow the traffic. This has the transit vlan interface as source interface and the remote subnet as destination. Incoming interface is the interface you are on and source is the subnet you come from.

Toshi_Esumi

SuperUser

The diagram tell a thousand words. Very simple. Create a vlan interface with vlanid 901 under the physical interface then put 10.3.198.10/24 on the vlan interface. You obviously need proper static routes to reach those 5 subnets.

______mih_ai______Author

New Member

When i create vlan 901 under physical interface, i can't ping provider gate 10.3.198.1. When i try set up gate for static route i write 10.3.198.10 and it's fail, i can't use ip address which choosen for ip adress on physical interface. My provider tell me use 10.3.198.10 like gate for me

Toshi_Esumi

SuperUser

Leave IP area blank on the physical/parent interface. That's a non-tagged interface. Then you should sniff traffic on the vlan 901 interface (diag sniffer packet VLAN_INTERFACE_NAME) to get any clue for what's going on.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded