jkchoa
New Contributor

Setting up vlan fortigate 60e

Hi, can you please refer me to a cookbook link on setting up VLANs for 2 networks comprising PCs and CCTV IP cameras? The PCs are on 192.168.100.x and currently have a gateway to the firewall for internet, while the IP camera CCTV devices are on a different subnet, 192.168.200.x. These devices need to have routing, or rather be able to see the other PC network, and initially need not have internet. I really could use some examples to get some knowledge and get started.
mahesh_secure

Hi,

If you added 192.168.200.253 with subnet 24 on the switch VLAN 10 interface, then it will create a route table on the switch.

Try removing the IP from the switch interface and check the same.

Regards

Mahesh

jkchoa

Here's the route ip4 of the switch... Strange that when using VLAN10 the gateway cannot be seen. I'll get another cable to simulate a laptop-to-PC local network test and post the output. Thanks for your patience.
jkchoa

Sorry for the delay, I left the switch at my client, but anyway here's the output for #1, sending the arp output.
jkchoa

Here's the arp output when setting the IP of the laptop to 192.168.200.12.
jkchoa

While the arp output of the FortiGate, though the HP1910 switch has not been integrated yet on the network:

FGT60E4Q16070804 # get system arp
Address           Age(min)   Hardware Addr       Interface
192.168.100.25    0          74:46:a0:bd:95:3d   internal
192.168.1.1       0          00:13:33:f5:6c:09   wan1
192.168.100.82    0          10:60:4b:8e:7e:6b   internal
192.168.100.70    0          10:e7:c6:4a:0a:b7   internal
192.168.100.8     0          e4:1f:13:3f:12:80   internal
192.168.100.83    0          f4:4d:30:67:39:24   internal
192.168.100.21    0          2c:44:fd:1d:a4:15   internal
192.168.100.84    0          f4:4d:30:67:55:b6   internal
192.168.100.22    0          6c:62:6d:e7:8f:63   internal
192.168.100.116   2          00:16:3e:50:5c:43   internal
192.168.100.85    0          f4:4d:30:67:58:ee   internal
192.168.100.23    0          6c:62:6d:e7:8f:5d   internal
192.168.100.24    0          6c:62:6d:e7:8f:67   internal
192.168.254.254   0          18:c5:01:b0:9e:e8   wan2
192.168.100.68    2          10:e7:c6:4a:09:a8   internal
192.168.100.81    0          f4:4d:30:69:52:59   internal
mahesh_secure

Hi,

Could you please share the SS or the show running config output of the switch configuration? I think there is no proper layer 2 established.

jkchoa

And lastly, "I've setup vlan id 10 with interface ip 192.168.200.253": where did you set this, in the FortiGate or the switch? This is set up on the switch, HP1910-16G.
jkchoa

And the policy.... In your last paragraph, "All VLANs which you intend to route/rule through the FGT need to be tagged VLANs, and the connection itself needs to be a VLAN trunk, not an access port." Are you referring to the connecting switch that goes to the FGT? This switch must have VLAN tagging?
jkchoa

Mahesh,

Please find attached the file I got on the switch CLI.

mahesh_secure

Hi,

My understanding is that you are creating 192.168.200.x in the FortiGate, and the gateway for the network is in the firewall only.

Try removing the IP address from the interface below and try to connect.

interface Vlan-interface10
 ip address 192.168.200.253 255.255.255.0

Regards

Mahesh
