I have set up a VLAN interface on internal 7 (Port7), but for some reason it then sets up another interface just for internal7, and it seems I need to set this up with IP address, subnet, etc. Then if I connect a switch to that port and connect a PC, it gives it the IP address of the internal 7 interface, not the VLAN?
So it looks like I don't even need a VLAN; I can just split the ports and set them up with different IP addresses, and that acts as a VLAN? Is this correct? I need to split up 2 networks over our FortiGate 60E with 1 WAN.
Looking at this article, even though it's on an old FortiGate, it looks like I would give internal7 (port7) the IP address and leave the VLAN IP settings blank? Is this correct? If so, I'm unsure why you even create a VLAN, as it's more the port that has the LAN settings.
Hi,
Don't enable an interface IP address on PORT 7. Keep 0.0.0.0/0.0.0.0 and create the VLAN under it.
You need to enable the VLAN on the SWITCH also.
Now you can see the VLAN address from PORT 7.
Regards,
Sudarsan Babu P
OK thanks, that's what I've done. However, I can't enable VLAN on the switch, as my switch is not a FortiSwitch; it's just a regular unmanaged switch. Can this still be done?
Hi,
You need to create a VLAN tag on the FortiGate.
Please refer to the article below:
http://kb.fortinet.com/kb/viewContent.do?externalId=FD30883
Regards,
Sudarsan Babu P
Depending on what you meant by "need to split up 2 networks" and the capability of your switch, you have some options.
If both can be on the same broadcast domain, the first option is a secondary IP on Internal7. They can be non-tagged without VLANs. But I don't recommend this unless your switch is not capable of trunk and access ports.
Then the other options involve VLANs, as you figured: non-tagged + vlan-a as in the KB (a little outdated GUI), or vlan-a + vlan-b. As in the KB Sudarsan Babu P provided, a VLAN interface is a sub (child) interface of a parent/physical interface, in your case internal7. You need to complete the configuration of each individually. Then in either case the switch port connected to internal7 needs to be a trunk port, and you set an access port for the VLAN for those devices which don't talk VLAN.
Thanks, I ended up setting up a separate interface on internal7 and created a LAN on that, and it seems completely separate from my main network. Here's an image of it, and I didn't need any VLAN. Does this look OK?
I thought you needed to connect them from the same switch. If you just want to have a separate subnet on Internal7 while all the other ports (1 - 6) are in the "internal" hard-switch, that's all you need. "internal" is just a combined interface for the members you leave in. By default, all 7 of them are in it, but you can split them up into 7 separate interfaces and configure/connect different subnets without VLAN tagging.
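
The two layouts discussed in this thread, written out as FortiOS CLI. This is an added example, not configuration posted by anyone in the thread; the VLAN ID 20, the name "vlan20", the 192.168.20.0/24 subnet, the policy name and the WAN interface name "wan1" are assumed values. The `#` lines are annotations for the reader.

```fortios
# Option A: tagged VLAN sub-interface on internal7.
# The parent keeps 0.0.0.0/0.0.0.0; the switch must carry the tag (trunk port).
config system interface
    edit "internal7"
        set mode static
        set ip 0.0.0.0 0.0.0.0
    next
    edit "vlan20"
        set vdom "root"
        set interface "internal7"
        set vlanid 20
        set ip 192.168.20.1 255.255.255.0
        set allowaccess ping
    next
end

# Option B (alternative to A, not in addition): no VLAN at all.
# internal7 is taken out of the "internal" hard-switch and carries its own
# untagged subnet, which is what an unmanaged switch can handle.
config system interface
    edit "internal7"
        set mode static
        set ip 192.168.20.1 255.255.255.0
        set allowaccess ping
    next
end

# Either option: the new segment only reaches what a firewall policy allows.
# With a policy to the WAN only and none to "internal", the two networks stay
# separated. Use "vlan20" as srcintf for option A.
config firewall policy
    edit 0
        set name "seg20-to-wan"
        set srcintf "internal7"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```

After applying either option, check that no policy exists with the new segment and "internal" as source and destination unless traffic between the two networks is intended.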