RoBau
New Member
June 18, 2020
Question

VLAN Configuration with 6 VLANs on FG61F


Hi there,

We have a new customer with a FG61 HA cluster and we need to configure different VLANs. Normally we just used VLANs for WiFi networks and combined them with different LAN ports, but for this configuration we need to configure 6 different VLANs.

We have the 5 LAN ports, but we use PORT5 for the heartbeat monitor for HA. Also, this FG model comes with FortiLink A and B ports, which I found out can also be used as LAN ports.

Any idea for the best way to configure this scenario?

Thanks a lot!!

1 reply

ede_pfau
SuperUser
June 18, 2020

The beautiful property of VLANs is that their number does not depend on the number of available physical ports. You can segment your LAN in as many ways as you wish.

The actual setup depends on how high you expect the combined throughput to be.

Usually, I base all internal VLANs off the LAN port, or the LAN aggregate port (LACP across several physical ports). You could do this IF... if the 61F already supports LACP. It should have been introduced in FortiOS v6.2.x (as rumours have it), so it depends on the firmware you run.

OTOH, you might as well get away with a shared 1 Gbps port for LAN and all VLANs, as they wouldn't all peak at the same time (exception: backup time).

RoBau
Author
New Member
June 18, 2020

Hi Ede,

Thanks for your reply. Unfortunately I don't have the information about the throughput, but considering that they currently have an old Panda GateDefender firewall, I thought that with the FG61F model we will be 100% on the safe side. I do know that their internet access is 600/600mb.

Since all switches (I think HP models) have the configuration of all VLANs, we decided not to change the configuration and use the DMZ port, etc. Though having DMZ and FortiLink ports A and B, I was wondering which would be the best option.

So you say that configuring all 6 VLANs on the LAN interface (currently ports 1-4) should be OK. The switches behind know the VLAN ID and the rest should be easy.

Am I right or do you have another suggestion?

Thanks in advance!

lobstercreed
New Member
June 18, 2020

Roland,

You can break apart the internal switch and use a single interface (say internal5) as the physical interface to add the VLANs to. Or as you suggested you can use the DMZ interface for that purpose.

I've done something similar in the past and am actually planning to redesign my branch campuses to do this very thing with 60F models. I have many VLANs and will do some on each of 3 or 4 ports.

- Daniel
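
For reference, an added example (not part of any post in this thread) of what basing VLANs off a single parent interface looks like in the FortiOS CLI. The parent interface name `internal`, the VDOM `root`, and all VLAN names, IDs and addresses are assumptions constructed for illustration; the VLAN IDs must match what the switches behind the FortiGate already tag on the uplink.

```fortios
# Constructed example: VLAN sub-interfaces on one parent interface.
# "internal" is assumed to be the LAN hardware switch (or a single
# physical port / the DMZ port, as discussed in the thread).
config system interface
    edit "vlan10-office"
        set vdom "root"
        set interface "internal"
        set type vlan
        # 802.1Q tag; must match the tag configured on the switch trunk
        set vlanid 10
        set ip 10.0.10.1 255.255.255.0
        # Keep management protocols off user-facing VLANs
        set allowaccess ping
    next
    edit "vlan20-guest"
        set vdom "root"
        set interface "internal"
        set type vlan
        set vlanid 20
        set ip 10.0.20.1 255.255.255.0
        # No allowaccess set: the FortiGate does not answer ping or
        # management requests on the guest VLAN's gateway address
    next
end
```

Each VLAN created this way is its own layer-3 interface, so traffic between VLANs, and from each VLAN to the internet, is only forwarded where a firewall policy explicitly allows it. The switch port facing the FortiGate has to carry these VLAN IDs tagged.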