- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- FortiGate + FortiSwitch VLANs on both devices?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiGate + FortiSwitch VLANs on both devices?
Hello,
first time poster here so have mercy :)
I am new to Fortinet but a long time security / networking administrator. I recently acquired a FortiGate 40F, FortiSwitch 108F and a FortiAP 221 to test it out and learn about Fortinet.
I am running into a stupid problem that I can't understand:
I would like to create VLANs on both FortiSwitch and FortiGate so that FortiGate is the gateway and DHCP-server on these VLAN networks. Furthermore, I would like to use the VLANs on the FortiSwitch so that I can use multiple ports on the switch on these VLANs, say port 1-4 has native VLAN accounting_VLAN and port 5-8 has VLAN printer_vlan, etc.
I would also like to use 1 or more ports on the FortiGate on these VLANs if needed. But this does not seem to be possible, to create a VLAN and then tag the VLAN on both FortiGate and FortiSwtich ports?
From what I can see now, if using VLANs on the FortiSwitch, I can't use these VLANs on the FortiGate ports and use the FG ports for connecting devices to the VLANs that I use?
High Level overview of what I am trying to do:
1. Create VLAN accounting_VLAN(VLAN ID=10) and office_VLAN(VLAN ID=20) on FortiGate with IP-address and DHCP enabled etc. so that the Fortigate is the gateway for the VLAN network.
2. Use the accounting_VLAN on FortiGate ports so that devices can be plugged into the FortiGate and assigned to one of these VLANs.(if FG-40F, then less ports to use, if 200F then more ports to use)
3. Connect FortiSwtich to FortiGate using Fortlink.
4. Trunk the accounting_VLAN on the trunk to the FortiSwitch
5. Use the accounting_VLAN ports on the FortiSwitch, for example ports 1-8 on accounting_VLAN and ports 9-13 on office_VLAN.
However, this doesn't seem to be possible from my testing different configurations? I can create VLANs on the FortiSwtich and tag them as native VLANs on different ports, but I can't use those VLANs on the FortiGate for creating a firewall/gateway interface to those VLANs.
What am I missing?
Best regards,
Kim,
Labels:
- Labels:
-
FortiGate
-
FortiSwitch
- « Previous
- Next »
21 REPLIES 21
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi!
I had the exact same topic. I managed to solve it like that:
1) add a VLAN to the FortiLink interface. Important: disable the option "create address object matching subject". This is crutial, as soon as you have a reference on the vlan you can't add it to software switch anymore
2) add the VLAN to the software switch (like you do with a physical interface), it should be available now
3) now you can assign the vlan to a port on the fortiswitch and it should assign correctly and you should receive an IP address from DHCP configured on the software switch
I hope that helps.
Kind regards,
Christian
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @christian_s
This version worked for me, thanks a lot!
I assigned in the software switch VLAN, Wifi SSID, and native ports and working well.
Regards,
Krisztian
- « Previous
- Next »
Related Posts
- new switch license 84 Views
- Help setting up internet access for... 172 Views
- connect fortigate to 2 sophos at... 255 Views
- Create branch office VPN so that... 173 Views
- Fortigate 60d boot device failing 173 Views
Labels
-
FortiGate
6,531 -
FortiClient
1,303 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
414 -
5.6
362 -
FortiSwitch
333 -
FortiAP
333 -
FortiClient EMS
263 -
6.2
251 -
FortiMail
242 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
150 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiSIEM
88 -
FortiGateCloud
87 -
FortiCloud Products
84 -
IPsec
73 -
FortiToken
69 -
Customer Service
69 -
4.0MR3
64 -
SSL-VPN
60 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
24 -
FortiConnect
23 -
FortiWAN
22 -
Firewall policy
22 -
FortiConverter
21 -
High Availability
20 -
VLAN
19 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiAuthenticator
12 -
FortiCASB
12 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
LDAP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
Virtual IP
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
SSL SSH inspection
6 -
Security profile
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Intrusion prevention
3 -
Automation
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
VoIP profile
2 -
Antivirus profile
2 -
Web profile
2 -
Traffic shaping profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
FortiPAM
1 -
Application signature
1 -
Multicast routing
1 -
Authentication rule and scheme
1 -
Zone
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.