Hi Everyone!
Good day!
I am trying to work with this scenario; could anyone help me and tell me if this is possible? See attached test.jpg. I have a FortiGate, a core switch, a distribution switch and a client PC. The goal is that the FortiGate must act as the DHCP server for all the VLANs (10, 20, 30). I've already tried to create VLANs on the FortiGate (the same VLANs as on the core switch) and enabled DHCP. I already tried to allow all VLANs from the core switch (trunk) going to the firewall. The result: the test client in VLAN 30 can obtain an IP from the firewall, but cannot access the internet even though a firewall policy was already configured on the firewall (virtual interface (vlan30) to WAN).
Best Regards,
Kulas
Fresh from an implementation today, with a design similar to the one I configured earlier. On the FortiGate you can create all the VLANs you wish to define on the parent interface (e.g. port 1 or dmz). Now configure your L2 switch to have the same VLAN IDs as your FortiGate and assign interfaces to their corresponding VLAN IDs. Don't forget to choose one port on your switch and configure it as a trunk port so that it will carry the different VLAN IDs.
For testing purposes, enable the DHCP server on each FGT sub-interface so that it will lessen the time spent configuring an IP address for each VLAN on your test machine. Don't forget as well to define a firewall policy to allow the VLAN sub-interfaces to reach your wan(x) interface for internet access.
Fortigate Newbie
No need for VLANs on the FortiGate then.
Create the other DHCP pools on the FortiGate in the CLI if you haven't already, but seeing that the client is getting an IP, you probably created them all already.
And then make sure your policies are using your internal interface, as that is where the traffic would be coming from.
The VLAN 1 interface (or whatever port the core is plugged into) of your FW is your internal interface.
Delete any VLAN interfaces you might have created on the FortiGate; you mentioned (virtual interface (vlan30)), remove them if you haven't already.
Add the IP helper address of 192.168.1.254 on all 3 SVIs on your core.