Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
wotik
New Contributor III

Created on ‎04-14-2023 05:40 AM

VLAN

Hello

 

I may ask a stupid question - forgive me ;) - will this configuration work:

 

FG60F + LAN with unmanaged switches.

 

In your FG, one of the physical LAN ports (e.g. LAN3) belongs to the VLAN Switch. If I create a new VLAN interface and connect it to the Switch VLAN interface, is there a chance to create a working VLAN? Will it be possible to communicate between this VLAN and the VLAN Switch after creating appropriate firewall policies?

 

Does it need to be solved differently?

 

I want to create a separate subnet that will be able to communicate with the VLAN Switch to a limited extent.

 

Thanks for any tips.

Best Regards,
Wojtek
Best Regards,Wojtek
Labels:
1088
0 Kudos
3 REPLIES 3
Toshi_Esumi
SuperUser
SuperUser

Created on ‎04-14-2023 07:59 AM

By default with a 60F all LAN1(internal1)-LAN5(internal5) are bound to a VLAN switch "internal". If you create a VLAN subinterface on the internal interface, that would connect to a switch at any of those ports with the VLAN tag.

A VLAN subinterface is an independent interface you can configure an IP. Different from "internal".

 

Toshi

1070
0 Kudos
Christian_89
Contributor III

Created on ‎04-15-2023 12:36 AM

hello Wojtek

If I understand correctly.
Then you would have to break the SW switch on the Fortigate and make single interface and then connect your Unmangendet switch to an interface.

 

1058
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to Christian_89

Created on ‎04-15-2023 10:44 AM Edited on ‎04-15-2023 10:46 AM

You don't have to. The new VLAN is just spread out to all member ports including LAN3/internal3. And the VLAN switch is NOT a soft-switch. Not a hard-switch either though. See @AlexC-FTNT's KB below:
https://community.fortinet.com/t5/FortiGate/Setup-comparison-between-FortiGate-Hardware-switch-Softw...

 

But it's probably better if you separate the port from the VLAN switch as @Christian_89 suggests so that other ports won't have the VLAN.

 

Toshi

1043
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.