khalavak
New Contributor II

FortiGate + FortiSwitch VLANs on both devices?

Hello,

First-time poster here, so have mercy :)

I am new to Fortinet but a long-time security / networking administrator. I recently acquired a FortiGate 40F, FortiSwitch 108F and a FortiAP 221 to test it out and learn about Fortinet.

I am running into a stupid problem that I can't understand:

I would like to create VLANs on both FortiSwitch and FortiGate so that FortiGate is the gateway and DHCP server on these VLAN networks. Furthermore, I would like to use the VLANs on the FortiSwitch so that I can use multiple ports on the switch on these VLANs, say port 1-4 has native VLAN accounting_VLAN and port 5-8 has VLAN printer_vlan, etc.

 

I would also like to use 1 or more ports on the FortiGate on these VLANs if needed. But this does not seem to be possible, to create a VLAN and then tag the VLAN on both FortiGate and FortiSwitch ports?

From what I can see now, if using VLANs on the FortiSwitch, I can't use these VLANs on the FortiGate ports and use the FG ports for connecting devices to the VLANs that I use?

High-level overview of what I am trying to do:

1. Create VLAN accounting_VLAN (VLAN ID=10) and office_VLAN (VLAN ID=20) on FortiGate with IP address and DHCP enabled etc. so that the FortiGate is the gateway for the VLAN network.

2. Use the accounting_VLAN on FortiGate ports so that devices can be plugged into the FortiGate and assigned to one of these VLANs (if FG-40F, then fewer ports to use, if 200F then more ports to use).

3. Connect FortiSwitch to FortiGate using FortiLink.

4. Trunk the accounting_VLAN on the trunk to the FortiSwitch.

5. Use the accounting_VLAN ports on the FortiSwitch, for example ports 1-8 on accounting_VLAN and ports 9-13 on office_VLAN.

However, this doesn't seem to be possible from my testing of different configurations? I can create VLANs on the FortiSwitch and tag them as native VLANs on different ports, but I can't use those VLANs on the FortiGate for creating a firewall/gateway interface to those VLANs.

 

What am I missing? 

 

Best regards,

Kim,

 

christian_s
New Contributor

Hi!

I had the exact same topic. I managed to solve it like this:

1) Add a VLAN to the FortiLink interface. Important: disable the option "create address object matching subject". This is crucial: as soon as you have a reference on the VLAN, you can't add it to the software switch anymore.

2) Add the VLAN to the software switch (like you do with a physical interface); it should be available now.

3) Now you can assign the VLAN to a port on the FortiSwitch and it should assign correctly, and you should receive an IP address from the DHCP configured on the software switch.

 

I hope that helps.

 

Kind regards,

Christian

 

 

MateWorks

Hi @christian_s 

This version worked for me, thanks a lot!

I assigned the VLAN, Wi-Fi SSID, and native ports in the software switch, and it is working well.

Regards,

Krisztian

 
