Created on 02-25-2018 10:48 PM
I need help for configuring vlans access to internet on fortigate 100d.
ISP>>>Fortigate 100D>>>Alcatel OS6860E-24>>>Access SW
-VLAN 1(internal LAN, interface default of FG100D, management vlan): 192.168.40.0/22 with DHCP Server and SNMP Server OmniVista 2500NMS for deploy Stellar Access Point
-VLAN 10( Office): 172.16.142.0/24
-VLAN 40( Guest): 10.0.1.0/16
I need 3 vlans can access to internet .
-Config on FG100D:
1/Create 2 sub interface on Lan interface: sub-interface vlan10 and vlan 40
a/Policy vlan 10 to internet: interface vlan10 to wan 1
b/Policy vlan 40 to internet: interface vlan40 to wan 1
c/Policy vlan 10 to vlan 1: interface vlan 10 to lan
d/Policy vlan 40 to vlan 1: interface vlan 40 to lan
3/Create Static route:
a/Default route: Dest:0.0.0.0/0, Device Type: Wan 1, ISP Default GW
b/Vlan 10 to Vlan 1: Dest: 192.168.40.0/22, Device Type: LAN, Default GW: IP interface vlan 10
c/Vlan 40 to vlan 1: Dest: 192.168.40.0/22, Device Type: LAN, Default GW: IP interface vlan 40
Please tell me what wrong in my configuration
Created on 02-26-2018 05:27 AM
Have you gotten the trunking configured correctly yet on the Alcatel? Can you PING the default gateways on the Fortigate from those VLANs?
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
@rwpatterson: hi, sorry for late reply.
Tomorrow i will deploy fortigate 100D for my customer follow above steps, and just be sure to doing .
Since you said all 3 vlans should have Internet access, I didn't see any policy allowing vlan1 to the wan interface. Either no policy allowing vlan1 to other vlans. So how could your devices in 192.168.40.0/22 initiate outbound traffic?
Keep in touch. Thanks!
Since All 3 Vlans are directly connected to Fortigate .You don't need to define any route .Please share the fortigate Conf to validate your configuration .Also is there any subnets behind Vlan1 which require static route pointing to Lan next hop.Hope this clears your doubt .
I had configured for my customer fortigate 100D and 3 vlans access to internet.
-sub interface lan: 192.168.40.1/22 type:hardware switch
-sub interface vl10: 10.0.1.1/16 type:vlan
-sub int vl40: 188.8.131.52/24 type:vlan
2/ IPv4 Policy:
a/lan to wan1
b/vlan10 to wan1
c/vlan40 to wan1
d/lan to vlan10
e/vlan10 to lan
f/lan to vlan40
g/vlan40 to lan
DHCP server and SNMP server on Lan network: 192.168.40.0/22 so i need policy d,e,f,g. Is that right ?
3/ Default Route: 0.0.0.0/0 wan1
I have on L3 avaya switch switch have 2 vlans vlan 10 with ip address 184.108.40.206 255.255.255.0 vlan 20 with ip address 220.127.116.11 255.255.255.0 intervlan routing is activated on both and ip routing is ON on all eth vlan 10 have ports 11-24 vlan 20 have ports 2-10 on vlan 20 i am connecting fortigate firewall 60c interface ip address is 18.104.22.168 and connecting 1 pc that got ip from fortigate DHCP pool 22.214.171.124 on vlan 10 pc is connected ip address 126.96.36.199 on firewall side i have cable to WAN 1 with ip 172.16.100.1 and my firewall got ip address 172.16.100.132 internet on firewall is working also on pc on vlan 20 (same firewall's vlan ) but on vlan 10 i have no internet access even know pc on vlan 10 can ping firewall and access GUI and firewall can ping it also as per static route i have 0.0.0.0/0.0.0.0 to wan 1 and default gateway is 172.16.100.1 188.8.131.52/255.255.255.0 internal gateway 184.108.40.206 policy is set all to all , Nat is activated on all interfaces how can I allow pc on vlan 10 to access internet