Hi guys,
I need help configuring VLAN access to the internet on a FortiGate 100D.
ISP>>>Fortigate 100D>>>Alcatel OS6860E-24>>>Access SW
-VLAN 1 (internal LAN, default interface of FG100D, management VLAN): 192.168.40.0/22 with DHCP server and SNMP server OmniVista 2500 NMS to deploy Stellar Access Point
-VLAN 10 (Office): 172.16.142.0/24
-VLAN 40 (Guest): 10.0.1.0/16
I need all 3 VLANs to be able to access the internet.
-Config on FG100D:
1/Create 2 sub-interfaces on the LAN interface: sub-interface vlan10 and vlan 40
2/Create Policy:
a/Policy vlan 10 to internet: interface vlan10 to wan 1
b/Policy vlan 40 to internet: interface vlan40 to wan 1
c/Policy vlan 10 to vlan 1: interface vlan 10 to lan
d/Policy vlan 40 to vlan 1: interface vlan 40 to lan
3/Create Static route:
a/Default route: Dest:0.0.0.0/0, Device Type: Wan 1, ISP Default GW
b/Vlan 10 to Vlan 1: Dest: 192.168.40.0/22, Device Type: LAN, Default GW: IP interface vlan 10
c/Vlan 40 to vlan 1: Dest: 192.168.40.0/22, Device Type: LAN, Default GW: IP interface vlan 40
Please tell me what is wrong in my configuration.
Have you gotten the trunking configured correctly yet on the Alcatel? Can you PING the default gateways on the Fortigate from those VLANs?
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
@rwpatterson: Hi, sorry for the late reply.
Tomorrow I will deploy the FortiGate 100D for my customer following the above steps, and I just want to be sure before doing so.
Hi OP,
Since you said all 3 vlans should have Internet access: I didn't see any policy allowing vlan1 to the wan interface, nor any policy allowing vlan1 to the other vlans. So how could your devices in 192.168.40.0/22 initiate outbound traffic?
Keep in touch. Thanks!
Hi,
Since all 3 VLANs are directly connected to the FortiGate, you don't need to define any route. Please share the FortiGate conf to validate your configuration. Also, are there any subnets behind Vlan1 which require a static route pointing to the Lan next hop? Hope this clears your doubt.
Regards,
Ashik
Hi guys,
I have configured the FortiGate 100D and internet access for the 3 VLANs for my customer.
1/ Interfaces:
-sub interface lan: 192.168.40.1/22, type: hardware switch
-sub interface vl10: 10.0.1.1/16, type: vlan
-sub interface vl40: 172.168.142.1/24, type: vlan
2/ IPv4 Policy:
a/lan to wan1
b/vlan10 to wan1
c/vlan40 to wan1
d/lan to vlan10
e/vlan10 to lan
f/lan to vlan40
g/vlan40 to lan
The DHCP server and SNMP server are on the LAN network 192.168.40.0/22, so I need policies d, e, f, g. Is that right?
3/ Default Route: 0.0.0.0/0 wan1
Hi Hung,
That configuration is not bad. But I guess your traffic between Vlan40 and Vlan10 would be blocked. Is that by design?
Hi ericli,
Yes, this is a diagram for a hotel; vlan 10 is the guest network, vlan 40 is the office network.
That's great. Thanks!
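The policy discussion above can be checked with a small model. This is an added example, not code from any poster or from Fortinet: it assumes a simplified view of the firewall (one accept policy per source/destination interface pair, implicit deny otherwise, connected routes plus the default route), uses the interface addresses as posted in the final configuration, and the host addresses are constructed.

```python
import ipaddress

# Interface addresses exactly as posted in the final configuration above.
INTERFACES = {
    "lan": ipaddress.ip_interface("192.168.40.1/22"),
    "vlan10": ipaddress.ip_interface("10.0.1.1/16"),
    "vlan40": ipaddress.ip_interface("172.168.142.1/24"),
}
DEFAULT_ROUTE_DEVICE = "wan1"  # 0.0.0.0/0 points at wan1

# Policies as (source interface, destination interface) pairs.
FIRST_POST = {("vlan10", "wan1"), ("vlan40", "wan1"),
              ("vlan10", "lan"), ("vlan40", "lan")}
FINAL_POST = FIRST_POST | {("lan", "wan1"), ("lan", "vlan10"), ("lan", "vlan40")}

# Constructed sample hosts; 203.0.113.10 (documentation range) is "the internet".
HOSTS = {"lan-pc": "192.168.40.10", "vlan10-pc": "10.0.1.50",
         "vlan40-pc": "172.168.142.50", "internet": "203.0.113.10"}


def interface_for(addr):
    """Longest-prefix match on connected networks, else the default route."""
    ip = ipaddress.ip_address(addr)
    hits = [(i.network.prefixlen, name)
            for name, i in INTERFACES.items() if ip in i.network]
    return max(hits)[1] if hits else DEFAULT_ROUTE_DEVICE


def is_allowed(policies, src, dst):
    """True if a new session src -> dst matches a policy (implicit deny otherwise).
    Replies to an accepted session are stateful and need no reverse policy."""
    return (interface_for(src), interface_for(dst)) in policies


def blocked_flows(policies):
    """List the (source, destination) host pairs that fall to implicit deny."""
    return sorted((s, d) for s in HOSTS for d in HOSTS
                  if s != d and s != "internet"
                  and not is_allowed(policies, HOSTS[s], HOSTS[d]))


if __name__ == "__main__":
    for label, policies in (("first post", FIRST_POST), ("final post", FINAL_POST)):
        print(label, "blocks:", blocked_flows(policies))
```

With the first post's policies the LAN cannot initiate anything; with the final set only sessions between vlan10 and vlan40 are denied, which is the isolation confirmed above as intended.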
I have an L3 Avaya switch. The switch has 2 VLANs:
-VLAN 10 with IP address 30.30.30.3 255.255.255.0
-VLAN 20 with IP address 20.20.20.3 255.255.255.0
Inter-VLAN routing is activated on both and IP routing is ON on all eth. VLAN 10 has ports 11-24, VLAN 20 has ports 2-10.
On VLAN 20 I am connecting a FortiGate 60C firewall (interface IP address is 20.20.20.4) and 1 PC that got its IP from the FortiGate DHCP pool (20.20.20.6). On VLAN 10 a PC is connected with IP address 30.30.30.4.
On the firewall side I have a cable to WAN 1 with IP 172.16.100.1, and my firewall got IP address 172.16.100.132. Internet is working on the firewall and also on the PC on VLAN 20 (the same VLAN as the firewall), but on VLAN 10 I have no internet access, even though the PC on VLAN 10 can ping the firewall and access the GUI, and the firewall can ping it as well.
For static routes I have:
-0.0.0.0/0.0.0.0 to WAN 1, default gateway 172.16.100.1
-30.30.30.0/255.255.255.0 internal, gateway 20.20.20.3
Policy is set all to all, and NAT is activated on all interfaces. How can I allow the PC on VLAN 10 to access the internet?