shaan129
New Member
October 22, 2019
Question

Vlan-Routing on Fortigate60E

  • October 22, 2019
  • 1 reply
  • 5383 views
Dear All, Hello,

I have VLAN 100, which holds the management IPs for all the devices in the network, so I have the core switch and the FW connected on VLAN 100 as well: FW 192.168.255.1, core switch 192.168.255.11. On the core switch the port is untagged in VLAN 100, and on the FW side it is configured as a hardware switch with the IP mentioned above.

I have VLANs that are defined on the core switch, each with a different subnet. Now I want not all of them, but only some, to have internet access, so on the core switch I have pointed the default route to 192.168.255.1, and on the FW I have pointed the route to 192.168.255.11, because the gateways for these VLANs are defined on the core switch. But the thing is, I am not able to reach the internet from these VLANs.

Kindly help.

Regards,
Shaan


    coolbreeze
    New Member
    October 22, 2019

    You set the default gateway on the Fortigate to your Internet provider (or use a Dynamic Gateway route). You would then create static routes for your internal subnets to point to your core router. It would not be a default route.

    On policies, then you would create outbound rules with source addresses to include the subnets you want to be able to access the Internet.

    Without that policy on the Fortigate you won't reach anything. It blocks everything by default.
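    The design coolbreeze describes, written out as FortiOS CLI. This is an added example, not configuration from the thread: the interface names "wan1" and "internal", the ISP gateway 203.0.113.1 and the two VLAN subnets 10.10.10.0/24 (allowed out) and 10.10.20.0/24 (kept inside) are constructed assumptions; 192.168.255.11 is the core switch address from the question.

```fortios
# Added example, not from the thread. Assumed names: "wan1" (ISP side),
# "internal" (hardware switch facing the core), ISP gateway 203.0.113.1,
# VLAN subnets 10.10.10.0/24 (allowed) and 10.10.20.0/24 (not allowed).
# 192.168.255.11 is the core switch from the question.

# 1. The default route goes to the ISP, not to the core switch.
config router static
    edit 1
        set dst 0.0.0.0 0.0.0.0
        set gateway 203.0.113.1
        set device "wan1"
    next
    # 2. One static route per internal subnet, pointing back at the core switch.
    #    Besides carrying return traffic, these satisfy the FortiGate's
    #    reverse-path check: without a route for 10.10.10.0/24 via "internal",
    #    packets from that subnet arriving on "internal" are dropped as spoofed.
    edit 2
        set dst 10.10.10.0 255.255.255.0
        set gateway 192.168.255.11
        set device "internal"
    next
    edit 3
        set dst 10.10.20.0 255.255.255.0
        set gateway 192.168.255.11
        set device "internal"
    next
end

# 3. An address object for each subnet that is allowed to reach the internet.
config firewall address
    edit "VLAN10_NET"
        set subnet 10.10.10.0 255.255.255.0
    next
end

# 4. The outbound policy is keyed on source address, because every VLAN
#    arrives on the same interface. 10.10.20.0/24 is not listed, so its
#    traffic falls through to the implicit deny at the end of the policy list.
config firewall policy
    edit 1
        set name "VLAN10-to-Internet"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "VLAN10_NET"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set logtraffic all
    next
end
```

    After applying it, `get router info routing-table all` should show the default route via wan1 and the two /24 routes via 192.168.255.11 on internal. One consequence of this layout worth keeping in mind: traffic between VLANs is routed on the core switch and never reaches the FortiGate, so the policies above only govern what leaves for the internet, not what the VLANs can do to each other.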

    sw2090
    SuperUser
    October 23, 2019

    In addition to coolbreeze:

    You have to make sure that all VLAN traffic reaches the FortiGate on one port and that on the FortiGate this one port carries all the VLANs. Then every VLAN needs a policy for the internet. Clients in the VLAN should then have the VLAN IP of the FortiGate as default gateway (or you would also need a policy for every VLAN that allows VLAN clients to reach the management IP and interface of the FortiGate).
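    The alternative sw2090 describes, where the FortiGate terminates the VLANs itself on a trunk from the core switch, as an added example in FortiOS CLI (not configuration from the thread). The parent port "internal", the uplink "wan1", VLAN IDs 10 and 20 and their subnets are constructed assumptions.

```fortios
# Added example, not from the thread. Assumed names: "internal" is the port
# carrying the tagged VLANs from the core switch, "wan1" faces the ISP.
# VLAN IDs 10 and 20 and the subnets 10.10.10.0/24, 10.10.20.0/24 are assumed.

# Each tagged VLAN becomes a VLAN interface on the FortiGate, and the address
# set here is the one the clients in that VLAN use as their default gateway.
config system interface
    edit "vlan10"
        set vdom "root"
        set interface "internal"
        set vlanid 10
        set ip 10.10.10.1 255.255.255.0
        set allowaccess ping
    next
    edit "vlan20"
        set vdom "root"
        set interface "internal"
        set vlanid 20
        set ip 10.10.20.1 255.255.255.0
        set allowaccess ping
    next
end

# One policy per VLAN that is allowed out. The source interface identifies
# the VLAN, so no address object is needed. vlan20 has no policy at all and
# is stopped by the implicit deny, towards the internet and towards vlan10.
config firewall policy
    edit 10
        set name "vlan10-to-Internet"
        set srcintf "vlan10"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set logtraffic all
    next
end
```

    The difference from the core-switch-gateway layout is that every packet crossing a VLAN boundary now passes the FortiGate, so inter-VLAN access is also subject to policy and the same implicit deny; a vlan10 to vlan20 policy has to be added deliberately if that traffic is wanted.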

    shaan129 (Author)
    New Member
    October 23, 2019

    Thank you coolbreeze, sw2090, for your comments.

    I did the same and the internet is working now, but with Juniper we did not use to do this. Instead we had an untagged port on the core switch connecting to the FW, and for the subnets that had to reach the internet we used to have the gateway defined on the core switch itself, with a default route pointing to the FW; on the firewall there were no interfaces either, just a default route pointing to the core switch, and the internet used to work for those subnets.

    The way I have configured it, the only way the internet will work for subnets on the LAN is to have the gateway on the FortiGate instead of the core switch. Will it not work with the gateways being on the core switch?

    Regards

    Shaan