Could someone please check if the configuration settings are correct.
I am trying to setup 2 VLANs on a clients network with a single subnet.
They are using Fortigate-80C as the DHCP server 192.168.1.1/255.255.255.0 and router to the internet.
The 3Com 2226 switch has been set with 2 VLANs with one same port tagged on each VLAN (to the Fortigate-80C) and the others untagged to the relevant VLANs.
This is the client’s network topo.
Configuring the FortiGate-80C unit done below.
Start the FortiGate web-based manager to configure the FortiGate-80C unit.
Adding VLAN subinterfaces - web-based manager
1 Go to System > Network > Interface.
2 Select Create New.
3 Enter the following information for VLAN_10 and select OK:
Name VLAN_10
Interface internal
VLAN ID 10
Addressing mode Manual
IP/Netmask 0.0.0.0/0.0.0.0
Administrative Access HTTPS, PING, TELNET
Configure other fields as required.
4 Select Create New.
5 Enter the following information for VLAN_20 and select OK:
.
Name VLAN_20
Interface internal
VLAN ID 20
Addressing mode Manual
IP/Netmask 0.0.0.0/0.0.0.0
Administrative Access HTTPS, PING, TELNET
Configure other fields as required.
Adding the firewall addresses - web-based manager
You need to define the addresses of the VLAN subnets for use in firewall policies. The
FortiGate unit provides one default address, “allâ€, that you can use when a firewall
policy applies to all addresses as a source or destination of a packet.
1 Go to Firewall > Address.
2 Select Create New.
3 Enter the following information and select OK:
Address Name VLAN_10_Net
IP Range/Subnet 192.168.1.0/255.255.255.0
4 Select Create New.
5 Enter the following information and select OK:
Address Name VLAN_20_Net
IP Range/Subnet 192.168.1.0/255.255.255.0
Adding the firewall policies - web-based manager
1 Go to Firewall > Policy.
2 Select Create New.
3 Enter the following information and select OK:
Interface/Zone Source: VLAN_10, Destination: VLAN_20
Address Name Source: VLAN_10_Net, Destination: VLAN_20_Net
Schedule Always
Service ANY
Action ACCEPT
NAT Select
Configure other fields as required.
4 Select Create New.
5 Enter the following information and select OK:
Interface/Zone Source: VLAN_20, Destination: VLAN_10
Address Name Source: VLAN_20_Net, Destination: VLAN_10_Net
Schedule Always
Service ANY
Action ACCEPT
NAT Select
Configure other fields as required.
6 Select Create New.
7 Enter the following information and select OK:
Interface/Zone Source: VLAN_10, Destination: external
Address Name Source: VLAN_10_Net, Destination: all
Schedule Always
Service ANY
Action ACCEPT
NAT Select
Configure other fields as required.
8 Select Create New.
9 Enter the following information and select OK:
Interface/Zone Source: VLAN_20, Destination: external
Address Name Source: VLAN_20_Net, Destination: all
Schedule Always
Service ANY
Action ACCEPT
NAT Select
Configure other fields as required.
Configuring the FortiGate-80C unit done below.
Start the FortiGate web-based manager to configure the FortiGate-80C unit.
Adding VLAN subinterfaces - web-based manager
1 Go to System > Network > Interface.
2 Select Create New.
3 Enter the following information for VLAN_10 and select OK:
Name VLAN_10
Interface internal
VLAN ID 10
Addressing mode Manual
IP/Netmask 0.0.0.0/0.0.0.0
Administrative Access HTTPS, PING, TELNET
Configure other fields as required.
4 Select Create New.
5 Enter the following information for VLAN_20 and select OK:
.
Name VLAN_20
Interface internal
VLAN ID 20
Addressing mode Manual
IP/Netmask 0.0.0.0/0.0.0.0
Administrative Access HTTPS, PING, TELNET
Configure other fields as required.
Adding the firewall addresses - web-based manager
You need to define the addresses of the VLAN subnets for use in firewall policies. The
FortiGate unit provides one default address, “allâ€, that you can use when a firewall
policy applies to all addresses as a source or destination of a packet.
1 Go to Firewall > Address.
2 Select Create New.
3 Enter the following information and select OK:
Address Name VLAN_10_Net
IP Range/Subnet 192.168.1.0/255.255.255.0
4 Select Create New.
5 Enter the following information and select OK:
Address Name VLAN_20_Net
IP Range/Subnet 192.168.1.0/255.255.255.0
Adding the firewall policies - web-based manager
1 Go to Firewall > Policy.
2 Select Create New.
3 Enter the following information and select OK:
Interface/Zone Source: VLAN_10, Destination: VLAN_20
Address Name Source: VLAN_10_Net, Destination: VLAN_20_Net
Schedule Always
Service ANY
Action ACCEPT
NAT Select
Configure other fields as required.
4 Select Create New.
5 Enter the following information and select OK:
Interface/Zone Source: VLAN_20, Destination: VLAN_10
Address Name Source: VLAN_20_Net, Destination: VLAN_10_Net
Schedule Always
Service ANY
Action ACCEPT
NAT Select
Configure other fields as required.
6 Select Create New.
7 Enter the following information and select OK:
Interface/Zone Source: VLAN_10, Destination: external
Address Name Source: VLAN_10_Net, Destination: all
Schedule Always
Service ANY
Action ACCEPT
NAT Select
Configure other fields as required.
8 Select Create New.
9 Enter the following information and select OK:
Interface/Zone Source: VLAN_20, Destination: external
Address Name Source: VLAN_20_Net, Destination: all
Schedule Always
Service ANY
Action ACCEPT
NAT Select
Configure other fields as required.
Why even bother with VLANs? Is there a need by manglement? (intentional misspelling 
)
)
