CSPSPB
Explorer
July 25, 2022
Question

VLANs on FortiGate 40F

  • July 25, 2022
  • 3 replies
  • 9615 views

Hello. I have to create several VLANs on my FortiGate 40F. Using the FortiGate's UI, I've created VLANs via Interfaces and attached them to the `lan` Hardware Switch. I've also created policies for both VLANs. If my laptop's Ethernet card is assigned an address within the `lan` range (192.168.0.xxx), there's Internet access. If I try an address within the `VLAN` range (e.g. 10.1.1.xxx), there's none. Check the pix: 001.png, 002.png, 003.png, 004.png.

What am I doing wrong? Thanks in advance.

3 replies

Toshi_Esumi
SuperUser
July 25, 2022

I'm assuming you're not using a switch to hook up your laptop. Then make sure you set the VLAN tagging on your laptop like below:
https://www.startech.com/en-us/faq/networking-vlan-tagging
Then check "get sys arp" to see if the laptop's MAC address is there. You can try pinging it from the 40F as well.
My guess is your NIC is not tagging.

 

Toshi

JonasV
Explorer
July 25, 2022

Agree with @Toshi_Esumi. VLANs created under your ‘lan’ will require that traffic is tagged with that VLAN ID. Your ‘lan’ works, as this is the default (untagged) VLAN.
If you are to connect a non-managed FortiSwitch, make sure that the uplink port of the switch also tags the VLAN IDs.

CSPSPB
Author
Explorer
July 26, 2022

Thanks @Toshi_Esumi @JonasV. There are two unmanaged switches connected to the FortiGate LAN ports. As far as I understand the customer, they'd like to manually assign IP addresses to network devices onsite and thus, depending on the address, put each of them into a certain VLAN. So it's not just about my laptop - smart TVs, network media players etc. are expected. The unmanaged switches are third-party, not Fortinet, but I'll check their tagging capabilities.

Toshi_Esumi
SuperUser
July 26, 2022

If those are decent switches, they should support trunk and access ports so that each device doesn't have to be tagged when access ports are configured. So you should test with your laptop connected to those VLAN access ports.

 

Toshi
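
An added example, not part of any post in this thread: a small Python model of how an 802.1Q-aware port picks the ingress interface from the frame's tag, which is why a statically assigned 10.1.1.x address alone never places a device in the VLAN. VLAN ID 10, the interface name `vlan10` and all frames are constructed assumptions; the thread does not give the real VLAN IDs.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Assumed mapping for the demo: VLAN ID 10 and the name "vlan10" are hypothetical.
VLAN_INTERFACES = {10: "vlan10"}
PARENT_INTERFACE = "lan"  # untagged frames stay on the parent hardware switch


def build_frame(src_ip, vlan_id=None):
    """Build a constructed Ethernet + IPv4 header (no payload) for the demo."""
    dst_mac = bytes.fromhex("ffffffffffff")
    src_mac = bytes.fromhex("020000000001")
    tag = b"" if vlan_id is None else struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF)
    ip_header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 1, 0,
                            bytes(map(int, src_ip.split("."))), bytes([10, 1, 1, 1]))
    return dst_mac + src_mac + tag + struct.pack("!H", 0x0800) + ip_header


def classify(frame):
    """Return (ingress interface or None, source IP) based only on the 802.1Q tag."""
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    offset = 14  # IPv4 header starts here in an untagged frame
    if ethertype == TPID_8021Q:
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan_id = tci & 0x0FFF  # VLAN ID is the low 12 bits of the tag control field
        iface = VLAN_INTERFACES.get(vlan_id)  # None: no interface for this ID
        offset = 18  # the 4-byte tag shifts the IPv4 header
    else:
        iface = PARENT_INTERFACE  # no tag: the source IP is never consulted
    src_ip = ".".join(str(b) for b in frame[offset + 12:offset + 16])
    return iface, src_ip


if __name__ == "__main__":
    for label, frame in [
        ("untagged, 192.168.0.20", build_frame("192.168.0.20")),
        ("untagged, 10.1.1.50", build_frame("10.1.1.50")),
        ("tagged 10, 10.1.1.50", build_frame("10.1.1.50", vlan_id=10)),
    ]:
        print(f"{label:26} -> {classify(frame)}")
```

The untagged 10.1.1.50 frame lands on `lan`, so a segmentation design that relies on devices choosing their own address puts no device into a VLAN; the tag has to come from the NIC or from a switch access port.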