Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
nsumner36
New Contributor

Multiple VLANs between 3 sites

I have 3 office with a number of different VLANs to make life simple lets say the following

 

Office A

VLAN 191

192.168.1.0/24

VLAN 10

10.10.10.0/24

 

Office B

VLAN 192

192.168.2.0/24

10.10.11.0/24

 

Office C

VLAN 193

192.168.3.0/24

10.10.12.0/24

 

All offices are directly linked with layer-2 500M links from the local telco. (IE Office A-B, Office A-C, and Office B-C). Forming a triangle as it were.

 

If I have the same VLAN in multiple offices than I get a loop (the 10 network which is for phones used to be one streched VLAN) but of course the loop takes you down, so it didn't cover all 3 lines.

 

All Internet goes through Office A. I currently have a link between all offices and then route all VLANs over that link. But the end result of course is that everything becomes a giant mess. All routing is done using OSPF which works rather nicely.

 

But I don't see how I can easy keep VLAN 192.168.x.x separate from the 10.10.x.x VLANs. I really want the "DATA" vlan 192 to be able to talk, and the VOICE vlans 10 to be able to talk, but very limited communication between them. But they both ultimately must connect between all offices and even out to the internet.

1 REPLY 1
sw2090
Honored Contributor

looks rather easy as there is no overlaps ;)

Just create static routes for the vlans on the fortigates so traffic can be routed between the vlans of the offices.

Then create the policies to allow the traffic you want to allow.

 

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Labels
Top Kudoed Authors