ameif56hgt
New Contributor II

Best Way To Use Common Internet Policies For Multiple LANs

Maybe this is an easy one but I haven't figured it out.  I have 4 LANs, one wired and three WiFi, one is a guest, and one is an IoT.  They all need to access the internet, and I have 6 or 7 blocking rules that are repeated for each.  I want to have these policies in one place that all internet access goes through.  I use Central NAT.

So, I'm guessing I make a VLAN, and put the rules in there. Then just have each LAN exit to this VLAN, and have the VLAN exit to the WAN port. But in this VLAN, what do I do about IP addresses and what about Central NAT?  So LAN to VLAN to WAN.  Do I just NAT LAN to WAN, like normal, and the VLAN figures it out inside?  Anything I need to look out for?  Thanks.

Demir25
New Contributor III

Have you considered the usage of Zones? By adding the specific interfaces in a Zone you can then call the Zone instead of separate interfaces in a firewall policy and allow the traffic to the internet. This definitely increases policy management and reduces firewall policies.  More into Zones: https://docs.fortinet.com/document/fortigate/7.6.2/administration-guide/116821/zone
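A worked FortiOS CLI configuration of what the reply above describes, added here as an example and not taken from the thread or from Fortinet's documentation: one zone holding the four LAN-side interfaces, the repeated deny policies and the Internet allow policy written once against the zone, and a single central SNAT entry since Central NAT is in use. The interface names (lan, wifi_staff, wifi_guest, wifi_iot), the zone name, the policy IDs, the "SMB" service object and wan1 are assumptions, as is that the interfaces are not yet referenced by any existing policy.

```fortios
# Added example (not from the thread): group the four LAN-side interfaces
# into one zone so the repeated blocking policies and the Internet allow
# policy are written once. Interface names, zone name, policy IDs and the
# service object are assumed; the interfaces must not yet be in any policy.
config system zone
    edit "LAN_ZONE"
        set intrazone deny        # guest/IoT cannot reach the wired LAN
        set interface "lan" "wifi_staff" "wifi_guest" "wifi_iot"
    next
end

# Policies are matched top-down: deny entries first, the allow entry last.
config firewall policy
    edit 10
        set name "Block-SMB-out"
        set srcintf "LAN_ZONE"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action deny
        set schedule "always"
        set service "SMB"
        set logtraffic all
    next
    edit 20
        set name "LAN-to-Internet"
        set srcintf "LAN_ZONE"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end

# With Central NAT enabled the policy carries no NAT setting; source NAT for
# everything leaving the zone towards wan1 is one central SNAT entry.
config firewall central-snat-map
    edit 1
        set srcintf "LAN_ZONE"
        set dstintf "wan1"
        set orig-addr "all"
        set dst-addr "all"
        set nat enable
    next
end
```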

ameif56hgt
New Contributor II

It looks helpful, but it also appears you can only put interfaces in a Zone if they are completely unused, which means losing several days' work, so it isn't going to happen.
