Hi
I put the mgmt port in vlan10 (192.168.10.10/24) and I wrote a static route like this: 192.168.10.0/24 192.168.10.1 mgmt. But I cannot access the FGT webui at all. What should I do to be able to access the webui from the mgmt port?
Hi,
You put a route towards your own configured subnet on the FGT, therefore that might be the issue.
Hi funkylicious,
All interface vlans are on the fortigate except vlan 10, which is on a cisco 3750 switch. So what is the correct route I have to write?
Based on what you are saying, you have, let's say as an example, the ones below.
intf VLAN A - 192.168.A.1/24
intf VLAN B - 192.168.B.1/24
intf VLAN C - 192.168.C.1/24
intf VLAN10 - 192.168.10.10/24
You are trying to access from subnet VLAN A the interface which is VLAN10, therefore you already have a route back to VLAN A directly connected to interface VLAN A, so it knows how to send the return traffic out the correct interface.
If this is the setup that you are using, you can delete the static route (you would need a firewall policy towards VLAN10 from the source interface where you are initiating the traffic).
But if the source IP from which you are trying to access the VLAN10 interface is not defined locally on the FGT, then yes, you need a static route with destination subnet X - 192.168.X.0/24 to the mgmt interface and 192.168.10.10 nexthop, if that (the switch) is the default gateway for inbound/outbound traffic.
The vlan from which I am going to access vlan 10 is vlan 30. Vlan 30 is a sub interface (port1) on the fgt, but vlan 10 is not on the fgt and its int vlan is on the cisco switch. If I want to use a policy, the source interface would be vlan30, but how about the outgoing interface?
Then you would only need to create a firewall rule from vlan 30 to mgmt.
But you can also activate http/https under vlan30 and access the GUI with the IP of the interface, without any rule required.
Because the mgmt port is set to dedicated management, it is not shown in the interface list when you create a policy.
That might explain your situation at the moment.
I personally don't use the mgmt interface to be dedicated for management.
I would rather do that with any regular interface; in your case it can be the one on vlan30, and you would need to activate the services on it.
I wanted to separate mgmt traffic from other traffic.
Copyright 2025 Fortinet, Inc. All Rights Reserved.