This saved my ass because I was tasked to set up 4 VLANs in our office using a 100E, will be creating 4 ports with 4 subnets and set up routing between them. Very useful, thank you!
Great video. BTW, you can save time by just creating one policy for the inter-VLAN portion. Just create the first one, and then once done, right-click on that policy and clone-reverse. It will recreate it in the opposite direction. All you have to do is give it a name. Cheers
You're absolutely right! Nevertheless, I'm well acquainted with the concept of clone reverse. In my opinion, individuals ought to grasp the process of creating things from the ground up. Once they have a solid grasp of the fundamentals, they can gradually acquaint themselves with the more straightforward approaches to accomplishing tasks.
No, there is no need to have a policy between VLANs, but there are reasons why you may want someone to have access to a specific VLAN other than where they belong. For example, if you have a Camera VLAN and you belong to the Data VLAN, you won't be able to view the camera from your network device in the Data VLAN without having a policy to allow your device or the entire Data VLAN. I hope this helps.
The LAN 2 network has some management features, such as HTTPS or FMG. Once any of the Administrative Access is enabled on that interface, that makes it a management interface.
Can I configure IP addresses on both the physical interface and VLAN interface as router on a stick, and reach the physical interface on a switch that has a port in Access mode?
The answer is yes. You can configure multiple physical and virtual interfaces and even route between them. What you need is a policy. To answer your question: YES, it is possible.
@techy-world3716 Thank you so much! I made 2 VLANs on a FortiGate 60F (VLAN 10 and VLAN 25) using a Zyxel GS1900 managed switch in a testing environment. If I configure clients with fixed IPs it works, but they aren't able to get an IP from the DHCP server (configured on each FortiGate VLAN, 192.168.10.1/24 and 192.168.25.1/24). I don't understand if the problem is the switch that is stopping the DHCP service or if there is other configuration to do on the firewall.
@xlv600tr If you scroll down on your VLAN 10 and VLAN 20 interfaces there, you will see the option to enable DHCP. The DHCP can be configured on your firewall, or you can configure it on your Zyxel GS1900 switch. If DHCP is configured on your switch, you will need to enable DHCP relay under the advanced option below the DHCP on the FortiGate 60F firewall.
@techy-world3716 Thank you again. In the switch menu I find only whether the switch receives its IP from DHCP or if it has to be fixed (for management). On the FW it is active on both VLANs.
This error is due to a trial license you are using, which only allows 4 interfaces. What you can do is use 2 interfaces (1 for WAN and the other for LAN, which will include the VLAN sub interfaces).
The access will be applied to the LAN interface, e.g. port 1 if you are using a physical port, or the VLAN interface, e.g. Data VLAN. You can also apply it to multiple interfaces but not on the zone.
Good video and explanation, but use a diagram for the self-paced, bro. That way you get likes; someone who knows this will either ignore or just like. Thanks
I am unable to create a sub interface in the FortiGate firewall; the below error is coming: Maximum number of entries has been reached. Object set operator error, -4 discard the setting.
@psksuresh8800 Delete 2 of your physical interfaces. You are using a trial license. You will be allowed 4 interfaces on a trial version. So the best option is to delete 2 physical interfaces and use 1 for WAN and the other interfaces for your sub interfaces.