beautypg.com

Adding a virtual domain, Adding vlan subinterfaces to a virtual domain – Fortinet FortiGate 4000 User Manual

Page 155

background image

Network configuration

Virtual domains in Transparent mode

FortiGate-4000 Installation and Configuration Guide

155

Adding a virtual domain

Use the following procedure to add a virtual domain to the FortiGate unit. You must
add at least one virtual domain to support VLANs in Transparent mode. Add more
virtual domains to simplify configuration if you are planning to add a large number of
VLANs.

To add a virtual domain

1

Go to System > Virtual Domain.

2

Select New to add a virtual domain.

3

Type a Name for the virtual domain.

4

Select OK to add the virtual domain.

Adding VLAN subinterfaces to a virtual domain

Use the following procedure to add VLAN subinterfaces to a virtual domain. You must
add at least two VLAN subinterfaces to each virtual domain. In most configurations a
virtual domain is used to send VLAN-tagged packets received at one FortiGate
physical interface to another FortiGate physical interface (for example, from the
internal interface to the external interface). For this to occur, you must add VLAN
subinterfaces to the receiving and sending physical interfaces (for example, to the
internal and external interfaces.

To add VLAN subinterfaces to a virtual domain

1

Go to System > Network > VLAN.

2

Select the Virtual Domain to add the VLAN subinterface to.

3

Select New to add a VLAN subinterface.

4

Type a Name for the VLAN subinterface.

5

Select the interface to associate the VLAN subinterface with.
The VLAN subinterface must be added to the FortiGate interface that receives the
VLAN-tagged packets.

6

Enter a VLAN ID for the VLAN subinterface.
The VLAN ID can be any number between 1 and 4095.

7

Optionally, select a zone to add the VLAN subinterface to a zone.
To add a zone to a virtual domain, see

“Adding zones to virtual domains” on page 156

.

8

Select OK to add the VLAN subinterface.

9

Repeat these steps to add more VLAN subinterfaces to the virtual domain.

To configure management access and traffic logging for VLAN subinterfaces

1

Go to System > Network > Management.

2

Configure management access as required for the VLAN subinterfaces that you have
added.
You can select HTTPS, PING, SSH, SNMP, HTTP, or TELNET.

3

Select Log to configure traffic logging for the VLAN subinterfaces that you have
added.