Setting Fortinet 60D interface ports for multi-VLAN

I have a Fortinet 60D on a multi-VLAN network environment.
I want to each interface port  of the firewall to be possible for assign  untagged VLANS.

Is it possible to make the bellow settings, where the port 1 is for all VLANs trunk and management interface, and the others ports I can choose what vlan to assign?


PORT 2 (vlan 10)-----DESKTOPS
|
|            PORT 3 (vlan 20) ------SECURITY CAMERA
|            |
|            |            PORT 4 (vlan 20)------SECURITY CAMERA
|            |            |
|            |            |       PORT 5 (vlan 50) ------WIFI    
|            |            |              
:::::::::::::::::::::::::::::::::::::::::::::::::::::
:::::::::: FORTINET FIREWALL  ::::
:::::::::::::::::::::::::::::::::::::::::::::::::::::
|
PORT 1 of Fortinet (TRUNK PORT + management interface)
|
|
|      <<<    TRUNK CHANNEL (with all vlans passing throught 10,20,50)
|
|
SWITCH (L3, ROUTING ENABLED)
|
|
...rest of the network...
edu87Asked:
Who is Participating?
 
myramuCommented:
Hi,

Yes, It is possible to use a single fortigate port to connect the trunk port and define vlans.
Refer following fortinet KBs for more information,
http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD30883
http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD31639

good luck!
0
 
Joey YungSenior Network EngineerCommented:
Why will you need a trunk interface with all vlan but also have another separate interface for these specific vlan? I'm not sure it is work or not, but seems a strange design...
0
 
edu87Author Commented:
Ok myramu I will try creating VDOMs.

Just on simple question before try this VDOMs way: I am trying to make my vlans to pass through the Fortigate and go out to Internet, but is not working. I tryed to use this tutorial lab from Fortinet but didnt worked for me:

http://docs-legacy.fortinet.com/fos50hlp/50/index.html#page/FortiOS%205.0%20Help/VLANs.103.17.html

I created two default routes, one  for VLAN_10 and another for VLAN_20 and didn´t work. Tryed to remove the VLAN_20 default and stay with just the VLAN_10 but not worked too.

default-route.PNGroute.PNGinterfaces.PNGpolicy.PNG
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.