wotik
Explorer III
April 14, 2023
Question

VLAN


Hello

I may ask a stupid question - forgive me ;) - will this configuration work:

FG60F + LAN with unmanaged switches.

In your FG, one of the physical LAN ports (e.g. LAN3) belongs to the VLAN Switch. If I create a new VLAN interface and connect it to the Switch VLAN interface, is there a chance to create a working VLAN? Will it be possible to communicate between this VLAN and the VLAN Switch after creating appropriate firewall policies?

Does it need to be solved differently?

I want to create a separate subnet that will be able to communicate with the VLAN Switch to a limited extent.

Thanks for any tips.

2 replies

Toshi_Esumi
SuperUser
April 14, 2023

By default with a 60F all LAN1(internal1)-LAN5(internal5) are bound to a VLAN switch "internal". If you create a VLAN subinterface on the internal interface, that would connect to a switch at any of those ports with the VLAN tag.

A VLAN subinterface is an independent interface on which you can configure an IP. It is different from "internal".

Toshi

Christian_89
Contributor III
April 15, 2023

Hello Wojtek

If I understand correctly, then you would have to break the SW switch on the FortiGate and make a single interface, and then connect your unmanaged switch to an interface.

Toshi_Esumi
SuperUser
April 15, 2023

You don't have to. The new VLAN is just spread out to all member ports including LAN3/internal3. And the VLAN switch is NOT a soft-switch. Not a hard-switch either though. See @AlexC-FTNT's KB below:
https://community.fortinet.com/t5/FortiGate/Setup-comparison-between-FortiGate-Hardware-switch-Software/ta-p/210092

But it's probably better if you separate the port from the VLAN switch as @Christian_89 suggests so that other ports won't have the VLAN.

Toshi