Trunked VLANS and inter-VLAN routing

Question

First post so go easy guys:)I have a FG VM with a IaaS provider, I am moving the firewall tasks from the VMware NSX edge to the FortiGate VM. I opted to trunk my subnets from the NSX to the FG, instead of a "router on a stick"Questions-1- With these VLANS/SUBNETS trunked to the FG require routes to be configured for traffic to flow between them or does the FG automatically allow inter VLAN routing (Note- I am not using zones, yet, but will see next question)2- if I group VLANS within the same zone and allow intra-VLAN routing, is it basically a free for all, all traffic will pass between VLANS? or are FW policies required between VLANS in the same zone?

lobstercreed · Answer

[ol]Unless you're using a zone, each interface needs a policy to be able to talk to any other interface.  So it's not so much that inter-VLAN routing isn't on (it is always), but that policy won't allow them to talk by default.If you group VLANs in a zone, the zone config has an option to allow intra-zone communication.  If that's set to enabled then you don't need policies, otherwise you do.  It kind of depends whether you want to be able to control (or at least log) traffic within the zone.[/ol]

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded