Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Autumn 2024 badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiConnect
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDB
- FortiDDoS
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGuard
- FortiGate Cloud
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiPhish
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiWAN
- FortiVoice
- FortiWeb
- FortiWebCloud
- Lacework
- RMA Information and Announcements
- Wireless Controller
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Create VLAN for Guest wireless network
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Create VLAN for Guest wireless network
Hi All:
I have a FG100a running 3.0 MR6 patch 3 running in NAT mode. I have all 5 interfaces configured (60 workstations on internal with DHCP configured) and in use and would like to create a new VLAN that I could configure to attach a wireless access point for guests that come into our office and route there traffic only to the internet.
1. Is this possible without hosing my existing users?
2. With unmanaged switches, is this possible?
3. I know the FG100a has 4 more switch ports that are not in use. Can I utilyze these ports to do this? If so, they do not show under " System-Network" as available for configuration.
Does anyone else out there have a sample config they would like to chare?
Thanks in advance!
Eric B
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
1. Is this possible without hosing my existing users?I am not sure to understand about what are you meaning but ' hosing your users' but every new usergroup should be controlled by appropiate policies to avoid bottlenecks, etc. For instance, your proposed path (Vlans) is better that another approach.
2. With unmanaged switches, is this possible?No. You need a switch that understand 802.1q protocol.
3. I know the FG100a has 4 more switch ports that are not in use. Can I utilyze these ports to do this? If so, they do not show under " System-Network" as available for configuration.If your 100A unit has its serial number starting with FG100A2905 you' ve a ' revision 2' unit and you could transform the 4-port internal switch into 4 independent ports. Look in system->network and you could see a ' switch to interface mode' button Take in account that in order to activate that mode, you need to clean all references to your ' internal' interface (that' s = you lost your present config ).
Does anyone else out there have a sample config they would like to chare?If you go for VLAN path, nothing special, just treat is another interface and take care about the vlan tag in your switch config regards,
regards
/ Abel
regards
/ Abel
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the quick reply Abel.
My serial number starts with FG100A39075. Does your reference to rev 2 mean all serial numbers starting at FG100A2905 and above? Currently under Status-Network I have only two buttons: " Create New" and " Switch Mode." If, in fact, I can change to interface mode I assume I would no longer need to use a VLAN as I would be able to just configure a different port and use routing and policies to secure my traffic.
I understand that I have to remove all the existing policies for my current " Internal" port (ouch) so in there a way to capture any and all routes/policies for that port so I can reconfigure it once (and if) I can switch modes? And would this also affect any other routes/policies that are bound to my other ports (DMZ1, DMZ2 etc) that are relative to my current " Internal" ?
Sorry for so many questions, I just want to be entirely clear on what the consequences may be.
Thanks again Abel.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you' re welcome;
My serial number starts with FG100A39075. Does your reference to rev 2 mean all serial numbers starting at FG100A2905 and above?Exactly, you could switch into ' interface mode'
Currently under Status-Network I have only two buttons: " Create New" and " Switch Mode." If, in fact, I can change to interface mode I assume I would no longer need to use a VLAN as I would be able to just configure a different port and use routing and policies to secure my traffic.indeed, if you click ' switch mode' button, you' ll see the options available, that you' re in (4-ports switched) and ' interface mode' with four interfaces internal1,.., internal4, that you' ll can address separately.
I understand that I have to remove all the existing policies for my current " Internal" port (ouch) so in there a way to capture any and all routes/policies for that port so I can reconfigure it once (and if) I can switch modes?Any reference to a ' internal' interface (policies, dns forwarding, routes, vpn, DHCP, etc) will avoid you can switch to interfase mode. Unless you remove all these references (the box itself will warn you) you' ll cannot switch. Indeed, you' ll lose actual configuration and you' ll have to reconfigure it for instance for ' internal1' new interface.
And would this also affect any other routes/policies that are bound to my other ports (DMZ1, DMZ2 etc) that are relative to my current " Internal" ?ANY reference to ' internal' interface will need to be removed and reconfigured for a new interfaces internal1 or internalX you choose. If routes/policies are between DMZXs or WANxs, no problem
Sorry for so many questions, I just want to be entirely clear on what the consequences may be.remember 2 things: - after switch to interface mode, the 4 new internal interfaces are not addressed, so you' ll need to log into your box through WANx or DMZx interfaces if you use webGUI. Arrange the things appropiately to ensure you can do that before switching. If Not, you' ll need log using the Console to configure the new internal interfaces. - a good timesaving tip could be work a little with the backup file with a plain-text editor and replace ' internal' references with, for example, ' internal1' . You could paste those commands with CLI directly after the big change. After you recover the functionality with the four interfaces splitted, your original post will be a very easy task, working with the new interfaces. Good luck and patience.
regards
/ Abel
regards
/ Abel
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the help Abel. I like your idea about using a text editor on an existing backup of the current config. I assume this means I remove all other config entries from the edited file (not associated with the current Internal) so as to only add back those necessary for re-associating with newly created Internal1.
I can then attach my Colubris MSC (conrtoller for 2 WAPs) directly to Internal 2 (which supports 802.1q). This will allow me to:
1) remove an unmanaged switch between the FG and the MSC (1 less hop)
2) configure a separate IP range for Internal 2 with rules/routes (basically mimicking Internal1)
3) Configure a VLAN and bind it to Internal2, then configure same VLAN on the MSC to add my additional functionality for guest network.
No small piece of work. :-)
I will also keep an additional copy so I can always revert back if something hoses.
Thanks again Abel.
Not applicable
Created on 12-21-2008 05:55 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Does anyone know if this is possible with a FortiGate 50? I thought it was but would feel more comfortable wiping the configuration if someone knew for sure that it could or could not work.
Thanks!
-
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
O Does anyone know if this is possible with a FortiGate 50?Hello and welcome, No, it is not possible for a 50 model (the splitting interfaces stuff) Assuming you´ve a 50A or 50B, you could use VLANs regards
regards
/ Abel
regards
/ Abel
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Subnets in hub architecture and spokes... 59 Views
- FortiNAC Captive Portal using Azure AD... 241 Views
- EMS CLOUD POOL IP GW 107 Views
- Fortiswitch replacing existing Core Switch 200 Views
- Block ping internal to internal 228 Views
Labels
-
FortiGate
8,012 -
FortiClient
1,606 -
5.2
801 -
FortiManager
677 -
5.4
639 -
FortiAnalyzer
516 -
FortiSwitch
423 -
FortiAP
421 -
6.0
416 -
5.6
362 -
FortiClient EMS
362 -
FortiMail
300 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
187 -
SSL-VPN
174 -
FortiNAC
160 -
IPsec
154 -
6.4
128 -
FortiGuard
124 -
FortiGateCloud
98 -
FortiCloud Products
94 -
FortiSIEM
93 -
SD-WAN
88 -
FortiToken
86 -
Customer Service
74 -
Wireless Controller
74 -
FortiAuthenticator
68 -
4.0MR3
64 -
FortiProxy
53 -
Firewall policy
53 -
FortiEDR
50 -
Fortivoice
49 -
FortiADC
49 -
FortiExtender
43 -
VLAN
42 -
FortiDNS
41 -
High Availability
40 -
FortiSandbox
39 -
ZTNA
37 -
FortiGate v5.4
35 -
Routing
34 -
LDAP
34 -
FortiSwitch v6.4
33 -
DNS
33 -
BGP
32 -
SAML
31 -
Certificate
30 -
Interface
29 -
SSO
27 -
NAT
27 -
FortiConnect
25 -
Authentication
25 -
FortiWAN
24 -
FortiConverter
24 -
RADIUS
24 -
FortiGate v5.2
23 -
VDOM
23 -
FortiLink
22 -
Virtual IP
20 -
Web profile
20 -
FortiSwitch v6.2
18 -
FortiPortal
18 -
Fortigate Cloud
18 -
Logging
18 -
FortiMonitor
16 -
Traffic shaping
16 -
Application control
16 -
FortiDDoS
15 -
FortiPAM
15 -
FortiGate v5.0
14 -
SSL SSH inspection
14 -
OSPF
13 -
FortiCASB
12 -
SSID
12 -
IP address management - IPAM
12 -
FortiManager v5.0
11 -
Automation
11 -
Admin
11 -
Static route
11 -
WAN optimization
11 -
Web application firewall profile
11 -
FortiRecorder
10 -
SNMP
10 -
4.0MR2
9 -
FortiSOAR
9 -
FortiWeb v5.0
9 -
FortiAP profile
9 -
FortiGate v4.0 MR3
8 -
FortiManager v4.0
8 -
FortiBridge
8 -
IPS signature
8 -
System settings
8 -
Proxy policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
RMA Information and Announcements
7 -
Traffic shaping policy
7 -
FortiCache
6 -
DNS filter
6 -
trunk
6 -
Packet capture
6 -
Security profile
6 -
Port policy
6 -
Intrusion prevention
6 -
FortiCarrier
5 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Fabric connector
5 -
3.6
4 -
FortiDeceptor
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Antivirus profile
4 -
Traffic shaping profile
4 -
DLP sensor
4 -
Email filter profile
4 -
Web rating
4 -
Fortinet Engage Partner Program
4 -
FortiDB
3 -
FortiHypervisor
3 -
Explicit proxy
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Netflow
3 -
Replacement messages
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
API
2 -
FortiNDR
2 -
Application signature
2 -
Authentication rule and scheme
2 -
Protocol option
2 -
Schedule
2 -
Service
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Kerberos
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
TACACS
1 -
SDN connector
1 -
Multicast policy
1 -
Cloud Management Security
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1468 | |
| 1007 | |
| 748 | |
| 443 | |
| 206 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.