beautypg.com

Adding vlan subinterfaces, Virtual domains in transparent mode, Virtual – Fortinet FortiGate-800 User Manual

Page 147

background image

Network configuration

Virtual domains in Transparent mode

FortiGate-800 Installation and Configuration Guide

147

Adding VLAN subinterfaces

The VLAN ID of each VLAN subinterface must match the VLAN ID added by the IEEE
802.1Q-compliant router. The VLAN ID can be any number between 1 and 4096.
Each VLAN subinterface must also be configured with its own IP address and
netmask.

You add VLAN subinterfaces to the physical interface that receives VLAN-tagged
packets.

To add VLAN subinterfaces

1

Go to System > Network > Interface.

2

Select New VLAN to add a VLAN subinterface.

3

Enter a Name to identify the VLAN subinterface.
The name can contain numbers (0-9), uppercase and lowercase letters (A-Z, a-z), and
the special characters - and _. Other special characters and spaces are not allowed.

4

Select the interface that receives the VLAN packets intended for this VLAN
subinterface.

5

Enter the VLAN ID that matches the VLAN ID of the packets to be received by this
VLAN subinterface.
The VLAN ID can be any number between 1 and 4096 but must match the VLAN ID
added by the IEEE 802.1Q-compliant router or switch.

6

Configure the VLAN subinterface settings as you would for any FortiGate interface.
You can add the VLAN subinterface to a zone, configure addressing, add a ping
server, and configure administrative access to the VLAN subinterface. For more
information, see

“Configuring interfaces” on page 138

.

7

Select OK to save your changes.
The FortiGate unit adds the new subinterface to the interface that you selected in
step

4

.

Virtual domains in Transparent mode

In Transparent mode, The FortiGate unit can apply firewall policies and services, such
as virus scanning, to traffic on an IEEE 802.1 VLAN trunk. The FortiGate unit
operating in Transparent mode can be inserted into the trunk without making changes
to the network. In a typical configuration, the FortiGate internal interface accepts
VLAN packets on a VLAN trunk from a VLAN switch or router connected to internal
VLANs. The FortiGate external interface forwards tagged packets through the trunk to
an external VLAN switch or router. This external switch or router could be connected
to the Internet. The FortiGate unit can be configured to apply different policies for
traffic on each VLAN in the trunk.

See also other documents in the category Fortinet Hardware: