Just to be clear about the tagging logic on Fortigate firewall.
1) On other vendors, we have to specifically tell the FW treat the port as tagged port.
2) On Fortigate FW, there is no such setting, rather the presence of multiple vlans on a single port, tells the FW to use tagging i.e no we do not need to tell FW to use tag via some specific config, just put vlans on a port will do the trick.
Fortigate VLAN Interface / Tagged Interface logic is same as Cisco / PaloAlto etc. In Cisco we do create Layer 3 Sub Intefaces with VLAN tags. In PaloAlto also we do the same thing. In Fortgate there is no so called thing like Sub Interface but logic is the same. That is create VLAN Interface with a VLAN tag and bind it to Physical Port. Then it works as a Sub Interfaces in Cisco, PaloAlto and Checkpoint.
Please see the below steps.
Configuration steps from the GUI :
1) Go to System -> Network and select 'Create New'.
2) Give a Name to the VLAN interface.
3) Choose the physical interface on which to attach the VLAN.
4) Select 'Type' as VLAN.
5) Give the desired VLAN ID.
....all other fields are depending on your other requirement (IP address, ping server...)
6) Select 'Apply'.
7) Go to System -> Network, select the blue arrow to expand the physical port and the VLAN will be displayed.
Configuration steps from the CLI
# config system interface
set vdom "<vdom name>"
set ip a.b.c.d e.f.g.h
set interface "port1"
set vlanid 100
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.