- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDDoS
- FortiDAST
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiGate Cloud
- FortiExtender
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- I want to use Network Design by creating Vlan rout...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I want to use Network Design by creating Vlan routing on Fortigate 200D. Possible or not ?
Hi everyone,
I want to use a network design as download link to redundancy to each Distribution Layer switches by only creating vlans (SVI or Int Vlan Routing method) on FortiGate 200D. Is it possible or not ?
You can see my requirement design in Attached.
Actually, when I testing vlans creation to use on two Etherchannel link to Distribution Layer Switches.
But Vlans can be created on fortigate however only can choose a vlan on one Etherchannel link otherwise cannot choose a vlan on both two Etherchannel link.
So, How can I use another way with redundancy design by creating vlans on fortiGate to Distribution Swithes ???
Pls suggest me how to design to my network by using vlans on fortigate.
Thanks so much all.
aunghtunoo14@gmail.com
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For this it would be easiest to remove all policies beforehand
If you want to distribute a VLAN among multiple interfaces you need to put them in a software switch.
Go to System > Network > interfaces
If your ports are listed individually skip ahead.
If they are listed as something like "internal" remove all policies/dhcp/etc referencing them
Right click the internal > Change Mode and select Interface instead of Switch
Now you need to create software switches for your VLANs.
If I understand your picture correct you want 2 different networks (internal and DMZ) with 2 switches each and redundant connections to the internal switches.
Again in System > Network > Interfaces select Create New
Name "Internal"
Type: Software Switch
Physical Interface Members: add at least 4 ports
Configure the rest as needed
configure an aggregated link (802.ad)
(you could use this as VLAN_lan since it's techically VLAN ID1 default)
Repeat this for "DMZ" but only add 2 ports
(again, this is technically vlan_dmz with ID 1)
Now select Create New
Name: "vlan_LAN"
Type: VLAN
Interface: "Internal" (the one created above)
VLAN ID: your VLAN ID (needs to match the switches)
Configure the rest as needed and repeat for all other VLANs
The DMZ VLANs need to have Interface: "DMZ"
NOW at Policy & Objects > Policies > IPv4 you can create policies to allow access from/to the different vlans as needed, select the VLAN Interface names as Source/destination Interface
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For this it would be easiest to remove all policies beforehand
It really depends. if he has the ports availability even if not the 2nd redundant member he could craft the new L3-subinterface and over that bundle.
Than change the routing to accept traffic from the local vlans at the distribution layer AFTER creating the new policies. I've done this like a thousand or more times.
So if the gateways of vlan_wifi/lan/peripherals are on the distribution-layer switches than this is cut and dry, if not than you have more work.
FWIW; one of the new trends is to enable lacp always even if it's with one member so if you later design or add redundancy in your configuration, you have less work. This is even true imho with lower end units that don't have a lot of ports to begin with. It's always easy just to add member #2 or #3 or #4 etc... after you have the based 803.ad or static bundle defined.
Just keep in mind the smaller SMB firewall models typically don't support lacp/bundles YMMV
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
emnoc wrote:I think it's 110 and lower who don't support lacpJust keep in mind the smaller SMB firewall models typically don't support lacp/bundles YMMV
The 200D supports it
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I got have the solutions.
I use Redundancy Type to interface to two downstream Distribution Switches.
Then all vlans can pass through over these links that is simple for me.
Thanks so much to all.
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- URL Redirection on fortigate FG101E 7 Views
- Fortigate FG200F running 7.4.3 Video Buffering 45 Views
- SSH to Vdom Link IP Address 135 Views
- Unable to route public IP into... 47 Views
- SCP Backup with 7.4.4 not working? 57 Views
Labels
-
FortiGate
7,123 -
FortiClient
1,405 -
5.2
801 -
5.4
639 -
FortiManager
616 -
FortiAnalyzer
453 -
6.0
416 -
FortiAP
373 -
FortiSwitch
369 -
5.6
362 -
FortiClient EMS
290 -
FortiMail
280 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
175 -
6.4
128 -
FortiNAC
126 -
FortiGuard
115 -
IPsec
107 -
SSL-VPN
101 -
FortiGateCloud
95 -
FortiSIEM
92 -
FortiCloud Products
88 -
FortiToken
76 -
Customer Service
72 -
Wireless Controller
64 -
4.0MR3
64 -
FortiProxy
49 -
SD-WAN
48 -
FortiADC
45 -
FortiEDR
44 -
Fortivoice
44 -
FortiDNS
38 -
FortiGate v5.4
35 -
FortiAuthenticator
35 -
FortiExtender
34 -
FortiSandbox
33 -
Firewall policy
33 -
FortiSwitch v6.4
32 -
VLAN
31 -
High Availability
31 -
DNS
24 -
FortiWAN
24 -
FortiConnect
24 -
ZTNA
23 -
BGP
21 -
FortiConverter
21 -
Certificate
20 -
SAML
19 -
FortiGate v5.2
19 -
FortiPortal
18 -
LDAP
18 -
Interface
18 -
FortiSwitch v6.2
17 -
VDOM
17 -
FortiMonitor
15 -
Authentication
15 -
Routing
15 -
FortiGate v5.0
14 -
FortiLink
14 -
Fortigate Cloud
14 -
Logging
14 -
FortiDDoS
13 -
RADIUS
12 -
NAT
12 -
FortiCASB
12 -
Web profile
11 -
Traffic shaping
10 -
Virtual IP
10 -
SSL SSH inspection
10 -
SSO
10 -
FortiRecorder
10 -
Application control
10 -
SSID
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
WAN optimization
9 -
4.0MR2
9 -
IP address management - IPAM
8 -
FortiBridge
8 -
FortiGate v4.0 MR3
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
SNMP
7 -
OSPF
7 -
Web application firewall profile
7 -
4.0
7 -
Admin
7 -
Static route
6 -
Security profile
6 -
Proxy policy
6 -
Traffic shaping policy
6 -
FortiAP profile
6 -
IPS signature
5 -
Packet capture
5 -
Automation
5 -
DNS Filter
5 -
FortiManager v4.0
5 -
trunk
5 -
FortiDirector
4 -
Intrusion prevention
4 -
Port policy
4 -
Antivirus profile
4 -
FortiPAM
4 -
FortiCarrier
4 -
FortiCache
4 -
FortiTester
4 -
3.6
4 -
DLP sensor
4 -
FortiScan
4 -
Web rating
4 -
FortiDeceptor
3 -
Fabric connector
3 -
NAC policy
3 -
Multicast routing
3 -
System settings
3 -
FortiToken Cloud
3 -
Fortinet Engage Partner Program
3 -
Traffic shaping profile
3 -
DLP Dictionary
3 -
DLP profile
3 -
FortiDB
3 -
DoS policy
3 -
Email filter profile
3 -
FortiInsight
2 -
Netflow
2 -
Users
2 -
Protocol option
2 -
FortiAI
2 -
Application signature
2 -
FortiHypervisor
2 -
VoIP profile
2 -
Internet Service Database
2 -
Explicit proxy
2 -
4.0MR1
1 -
Multicast policy
1 -
Zone
1 -
FortiCWP
1 -
Kerberos
1 -
Subscription Renewal Policy
1 -
FortiNDR
1 -
TACACS
1 -
Replacement messages
1 -
Schedule
1 -
SDN connector
1 -
FortiManager-VM
1 -
Authentication rule and scheme
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1059 | |
| 882 | |
| 523 | |
| 441 | |
| 147 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.