shinjin
New Contributor

How to configure Fortigate 60E VLAN from existing router

Hi, any video and tutorial?

I get IP and from ISP A. 

the external IP is

1.9.165.228/24

the VLAN 1 IP is 192.168.10.1/24

and VLAN 2 IP is 192.168.20.1/24

How can I configure both IPs to be able to access the internet but unable to communicate?

Thanks!

 

 

2 REPLIES
Benoit_Rech_FTNT

Hello,

 

1/ You should configure VLAN1 and VLAN2 on the FortiGate.

  • If the traffic is untagged, then you should use 2 different physical ports.
  • If the traffic is tagged, then you can use the same physical port, and two subinterfaces of type VLAN.

2/ You should create two firewall policies:

  • VLAN1 -> internet
  • VLAN2 -> internet

There will be no communication between VLAN1 and VLAN2 because they are on different interfaces, and there is no firewall policy to allow the traffic. Therefore, it will be denied by the 'implicit deny' policy.

Best regards, Benoit

     

rwpatterson

Welcome to the forums.

Make sure you check off the NAT option in the policy. Those RFC addresses won't get past the ISP gateway.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
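The two replies above combined into one FortiOS CLI configuration for the tagged-traffic case, as an added example that is not from either poster. The physical port name `internal1`, the WAN interface name `wan1`, the 802.1Q VLAN IDs 10 and 20, and the interface and policy names are assumptions; the subnets are the ones given in the question.

```fortios
# Added example. Assumed values: port "internal1", WAN "wan1", VLAN IDs 10/20, all names.
# Tagged case: two VLAN subinterfaces on the same physical port.
config system interface
    edit "vlan1"
        set vdom "root"
        set interface "internal1"
        set vlanid 10
        set ip 192.168.10.1 255.255.255.0
        set allowaccess ping
    next
    edit "vlan2"
        set vdom "root"
        set interface "internal1"
        set vlanid 20
        set ip 192.168.20.1 255.255.255.0
        set allowaccess ping
    next
end

# One outbound policy per VLAN. NAT is enabled so the private source
# addresses are translated to the WAN address before reaching the ISP.
config firewall policy
    edit 0
        set name "vlan1-to-internet"
        set srcintf "vlan1"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
    edit 0
        set name "vlan2-to-internet"
        set srcintf "vlan2"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
# No policy names vlan1 and vlan2 as a source/destination pair, so traffic
# between them falls through to the implicit deny.
```

To confirm the isolation holds, check that no policy lists one VLAN interface as `srcintf` and the other as `dstintf`, and that neither policy uses `any` as an interface.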
