Re: Possible to VLAN without Fortigate Managed Switch? Is my solution ok?
VLANs are not a security feature. A VLAN isolates broadcast traffic from other networks on the same wire, possibly conserving bandwidth.
Yes, you can create a lot of networks and (virtual) firewall ports using VLANs on a FGT. This is convenient if you need more ports than available physically.
Your problem begins when the VLAN (tagged) traffic leaves the FGT. The next switch must be VLAN capable, that is, able to collect switch ports into a VLAN broadcast domain, able to read the VLAN tag etc. IMHO there are 'semi-managed' switches which are VLAN capable for only a few bucks (Netgear metal boxes for instance).
If you create a VLAN you would want to pass the traffic all through your network either to the gateway or the hosts. If the FGT is your gateway, your switches need to support VLANs so that tagged traffic can reach the hosts. Hosts (PCs) usually are not VLAN capable; a switch port declared as 'VLAN access port' would be part of the VLAN but remove the VLAN tag on egress to the host.
But this is all basic networking stuff and better explained elsewhere on the net. Answering your question, yes, you can create VLANs on the FGT and handle them with 3rd party switches.
Ede
"Kernel panic: Aiee, killing interrupt handler!"
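The tagging behaviour described in the post above, as an added example that is not part of the original reply: a small Python model of a VLAN-capable switch that receives an 802.1Q-tagged frame on its uplink, strips the tag on access ports in that VLAN and keeps it on trunk ports. The function names, port layout, MAC address and sample frame are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag after the destination and source MAC (12 bytes)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = (pcp << 13) | vid  # 3-bit priority, 1-bit DEI (0), 12-bit VLAN ID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def parse_tag(frame: bytes):
    """Return (vid, untagged_frame); vid is None when the frame has no tag."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]

def switch_egress(frame_from_trunk: bytes, ports: dict) -> dict:
    """Model a VLAN-capable switch flooding a frame received on its uplink.

    ports maps port name -> ("access", vid) or ("trunk", {allowed vids}).
    Returns port name -> bytes sent out of that port.
    """
    vid, untagged = parse_tag(frame_from_trunk)
    if vid is None:
        return {}  # simplification: untagged (native VLAN) traffic is not modelled
    out = {}
    for name, (mode, cfg) in ports.items():
        if mode == "access" and cfg == vid:
            out[name] = untagged          # tag removed on egress to the host
        elif mode == "trunk" and vid in cfg:
            out[name] = frame_from_trunk  # tag kept towards the next switch
    return out

# Constructed sample: broadcast destination, made-up source MAC, ARP EtherType, dummy payload.
PLAIN = bytes.fromhex("ffffffffffff" "020000000001" "0806") + b"\x00" * 28
# Hypothetical port layout: two access ports and one trunk to a further switch.
PORTS = {"p1": ("access", 10), "p2": ("access", 20), "p3": ("trunk", {10, 20})}

if __name__ == "__main__":
    for port, data in switch_egress(add_tag(PLAIN, 10), PORTS).items():
        print(port, parse_tag(data)[0], len(data))
```
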