VLAN TROUBLESHOOTING

Question

Hey Guys,I am new to FortiGate and Aroba. I wanted to implement a network segmentation on our network this side but i am seeing problems, I created vlans both on the aroba switch and the FortiGate and trunked the port from the switch to the firewall. I even gave on policies for every vlan to show what directions each vlan should take, but there's no communication between the vlans or the vlans to the internet (for the ones having outgoing interface as wan) End devices are able to acquire addresses as per the addressing table. I even did a trace route on the device which was connected to the CORP and Pent vlans and all of them end at their gateways (the ones specified on the firewalls). I carried on doing a debug on the cli on FortiGate to see if at all packets arrive to their designated policies (by doing pin 8.8.8.8 on CORP since it has The Internet policy enabled) nothing popped up from the cliThings verifiedDHCP of the corresponding vlan issues the correct address as par the addressing polllogs from the local traffic show policy type as "Firewall" Doing a packet capture on the interfaces show data only when a client pings the vlan interface IP

The_Banker · Accepted Answer

The issue at hand was the Gateway, i assigned the Gateway to an IP which di not exist in the Firewall instead of assigning the gateway to the interface of the particular vlan

funkylicious · Answer

hi,have you done it like here - https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-create-a-VLAN-tagged-interface-802-1q-on-a/ta-p/193893 ?for internet access, you need firewall policies from vlan interface to wan interface, src all, dst all, service all with NAT enabled for simplicity.also, a route to the internet from the fortigate is required.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded