in001
New Contributor

VLAN tagged and untagged Ports same firewall zone

Hi

I have the following network topology.

-Port 1 (VLAN tagged, VLAN100, VLAN200, VLAN250)
-port 2 (VLAN tagged, VLAN100, VLAN200, VLAN250)

-Port 7 (VLAN untagged)
-port 8 (VLAN untagged)
-port 9 (VLAN untagged)
-port 10 (VLAN untagged)

Now I have made different Interfaces in the Fortigate and now I can make the firewall rules accordingly between the VLANs.

But now I want port 7-10 to be treated like VLAN250 in the Fortigate. But I don't manage to configure this.

I'm new to configuring FortiGates.

Thanks for the help.

in001
New Contributor

It's a 100F.

My idea was to create a vlan switch:

[Image: in001_1-1669887605808.png]

But this is not working. The untagged ports are not reachable. It is also clear, nowhere is it said that these vlan 250 are...

I think it is simple, but I do not see it right now.

And I want to have only one "zone" at the firewall where the tagged and untagged ports are included.

 

in001
New Contributor

Problem solved. I configured a separate subnet for the untagged ports.

MaddyBrack
New Contributor


@in001 wrote:

Hi

I have the following network topology.

-Port 1 (VLAN tagged, VLAN100, VLAN200, VLAN250)
-port 2 (VLAN tagged, VLAN100, VLAN200, VLAN250)

-Port 7 (VLAN untagged)
-port 8 (VLAN untagged)
-port 9 (VLAN untagged)
-port 10 (VLAN untagged)

 

Now I have made different Interfaces in the Fortigate and now I can make the firewall rules accordingly between the VLANs. Thanks to made multiple changes in my videos via Alight Motion App which is extremely unbelievable.

 

But now I want port 7-10 to be treated like VLAN250 in the Fortigate. But I don't manage to configure this.

I'm new to configuring FortiGates.

Thanks for the help.


Hi Everyone,

A port can't be tagged and untagged to the same Vlan. So if uplink between ProCurve and Cisco, the Native Vlan on Cisco should match the Default_Vlan on ProCurve (default to one). The command to change it is: SW(config-if)#switchport trunk native vlan (default_Vlan ID).

karinacooper25
New Contributor


@in001 wrote:

Hi

I have the following network topology.

 

-Port 1 (VLAN tagged, VLAN100, VLAN200, VLAN250)
-port 2 (VLAN tagged, VLAN100, VLAN200, VLAN250)

-Port 7 (VLAN untagged)
-port 8 (VLAN untagged)
-port 9 (VLAN untagged)
-port 10 (VLAN untagged)

 

Now I have made different Interfaces in the Fortigate via alight motion and now I can make the firewall rules accordingly between the VLANs.

 

But now I want port 7-10 to be treated like VLAN250 in the Fortigate. But I don't manage to configure this.

I'm new to configuring FortiGates.

Thanks for the help.


So what did you do?

Toshi_Esumi
Esteemed Contributor III

The OP changed the design instead of implementing the original description. Simply configured IP/subnet on "VLAN_SWITCH" untagged/parent interface for all those ports. Then let VLAN250 sit on the same ports.

Toshi

in001

I created a new vlan switch "MANAGEMENT" with the untagged ports and connected the untagged devices to these ports. In my case this was a good solution.
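
The design described in the last two posts, written out as a FortiOS CLI example that is added here and is not any poster's actual configuration. The switch name "MANAGEMENT" comes from the thread; the physical switch name "sw0", the 192.0.2.0/24 subnet, the zone name "ZONE_250" and the VLAN interface name "VLAN250" are assumptions, and the zone step reflects the wish stated in the original question.

```fortios
# Added example; names, addresses and the zone are assumptions, not the OP's config.
# Assumes port7-port10 are not members of another switch and are not referenced elsewhere.

# 1. Group the untagged ports into their own VLAN switch.
config system virtual-switch
    edit "MANAGEMENT"
        set physical-switch "sw0"
        config port
            edit "port7"
            next
            edit "port8"
            next
            edit "port9"
            next
            edit "port10"
            next
        end
    next
end

# 2. Give the switch interface its own subnet (192.0.2.0/24 is a documentation range).
#    Keep administrative access on this interface to the minimum needed.
config system interface
    edit "MANAGEMENT"
        set vdom "root"
        set mode static
        set ip 192.0.2.1 255.255.255.0
        set allowaccess ping
    next
end

# 3. Place it in one zone with the existing tagged interface (assumed name "VLAN250").
config system zone
    edit "ZONE_250"
        set interface "VLAN250" "MANAGEMENT"
        set intrazone deny
    next
end
```

With `set intrazone deny`, traffic between the two zone members still needs an explicit firewall policy; `set intrazone allow` would forward it without one. An interface that is already referenced by a policy has to be released from that policy before it can join a zone.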
