Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
jadacime
Staff
Staff

Created on ‎09-05-2023 08:12 AM Edited on ‎09-28-2023 07:23 AM By Moderator

Article Id 272064

Troubleshooting Tip: How to configure ISP WAN IPv4 with VLAN (Layer 3)

Description This article describes how to configure ISP IPv4 WAN on VLAN (Layer 3).
Scope FortiGate v6.0.0 and above.
Solution

For GUI:

Go to Network -> Interfaces.

 

  1. Create a VLAN interface over the WAN interface:
  • Select Type: VLAN.
  • Select the VLAN ID (number provided by the ISP).
  • Define the Role: WAN
  • Enter the IP address with the correct subnet mask (or leave DHCP if that is the case).
  • Define the Administrative Access for this VLAN, remember that this works similarly as a physical interface.
  • Select 'OK'.

 

jadacime_0-1693924766334.png

 

Remember that this information is provided by the ISP: 

 

  1. After creation, set the static IP, pointing to this new VLAN interface.

 

Go to Network -> static routes.

  • Create New.
  • Define the Gateway address.
  • Left the 0.0.0.0/0 as this is the default.
  • Select the interface ISP_L3.
  • Left the Default config for Administrative Distance and Priority.
  • Select 'OK'.

 

jadacime_1-1693924766340.png

 

  1. After creating the objects above steps, it is necessary to modify the LAN to WAN policy and ALL policies that mentioned this interface as a principal to allow traffic to the internet:
  • Select the Outgoing interface: The VLAN is created.
  • Select 'OK'.

 

jadacime_2-1693924766356.png

 

Configure the Interface by CLI console:

 

config system interface

    edit "ISP_L3"

        set vdom "root"

        set ip 181.181.181.186 255.255.255.248

        set allowaccess ping https http

        set role wan

        set snmp-index 19

        set interface "port2"

        set vlanid 100

    next

end

 

Configure the static route by CLI console:

 

FGTAWS (3) # show

config router static

    edit 3

        set gateway 181.181.181.185

        set device "ISP_L3"

    next

end

 

Modify the Policy by CLI console:

 

config firewall policy

    edit 7

        set status enable

        set name "To_INTERNET"

        set uuid 3730360e-4b5f-51ee-66bd-1481a21243de

        set srcintf "port3"

        set dstintf "ISP_L3" <----- This will be the new interface, the name may change by the configuration.

        set action accept

        set srcaddr "all"

        set dstaddr "all"

        set schedule "always"

        set service "ALL"

        set utm-status enable

        set ssl-ssh-profile "certificate-inspection"

        set logtraffic all

        set nat enable

        next

end

 

 

If there is any doubt about how to create a VLAN, check the document:

Configure the VLAN interfaces on FortiVoice and FortiGate
Technical Tip: How to create a VLAN tagged interface (802.1q) on a FortiGate - tagged/untagged traff... 
Labels:
2552
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.