Hi everyone.
I am new to Fortigate firewall, coming from Juniper SRX back ground.
This is what I am trying to accomplish:
End hosts--SW--trunk----Port2-Fortigate FW
Port 2 should be layer 2 trunk port, accept tagged traffic for vlan 20
Vlan 20 should be defined and have IP 2.2.2.2/24
How do I proceed?
Additional info:
Platform: VM (Fortigate-VM64, version v6.2.0 ,build 0866)
Thanks and have a nice weekend!!
Solved! Go to Solution.
Thanks for your response.
Just to be clear about the tagging logic on Fortigate firewall.
1) On other vendors, we have to specifically tell the FW treat the port as tagged port.
2) On Fortigate FW, there is no such setting, rather the presence of multiple vlans on a single port, tells the FW to use tagging i.e no we do not need to tell FW to use tag via some specific config, just put vlans on a port will do the trick.
Have a good weekend!!
Every Fortigate VLAN interface is seen as a physical interface and does need
- firewall routing
- firewall policies
You can combine interfaces into a zone (depending which Forti OS version you have). This will limit the number of policies you need to manage.
zee,
Fortigate VLAN Interface / Tagged Interface logic is same as Cisco / PaloAlto etc. In Cisco we do create Layer 3 Sub Intefaces with VLAN tags. In PaloAlto also we do the same thing. In Fortgate there is no so called thing like Sub Interface but logic is the same. That is create VLAN Interface with a VLAN tag and bind it to Physical Port. Then it works as a Sub Interfaces in Cisco, PaloAlto and Checkpoint.
Please see the below steps.
Configuration steps from the GUI :
1) Go to System -> Network and select 'Create New'.
2) Give a Name to the VLAN interface.
3) Choose the physical interface on which to attach the VLAN.
4) Select 'Type' as VLAN.
5) Give the desired VLAN ID. ....all other fields are depending on your other requirement (IP address, ping server...)
6) Select 'Apply'.
7) Go to System -> Network, select the blue arrow to expand the physical port and the VLAN will be displayed.
Configuration steps from the CLI
# config system interface edit "My_VLAN_100" set vdom "<vdom name>" set ip a.b.c.d e.f.g.h set interface "port1" set vlanid 100 next end
@zee:
VLAN ports in FortiOS always are tagged, there is no additional step to take to connect a FGT to a VLAN trunk.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.