To enable Internet on a new VLan from our Fortinet Firewall
Originally we had 1 Corporate Data VLan. Now, I have created a new data VLan that is to be used exclusively for Servers. This new VLan is setup and is fully route-able between the Original VLan-1 and VLan-11. I can logon and use internal DNS; but internet is not yet enabled on VLan-11.
My question today is regarding how to enable internet on this new VLan-11? We have an "Internal" Zone/Interface from the Fortigate Firewall. This Internal Interface has ports 1-7 assigned to it on the Firewall. Port#1 on the Firewall is connected to a VLan-1 port one on our Corporate Data Switches. This VLan-1 port is Port#2 on switch .252 (See the attached diagram).
I have created a case with Fortinet to enable internet from the Fortigate Firerwall to VLan-11 on our network. We had some problems executing this task and they are stating that tagged frames are not being routed from the switch to the Firewall. Their exact descriptin is the following:
"The CorpServerVlan Interface, on the Fortigate, is listening to ‘tagged’ traffic on VLan-11. The Corporate Data Switch when pinging the fortigate (172.20.11.125) is not tagged. Pings are coming through the ‘Internal’ interface not the CorpServerVLan Interface. Please see the attached network diagrams and screen shots of what me and the Fortigate Technician have done.
Keep in mind that I can have laptops logon to the AD network and ping everything on VLan-1. Equally important VLan-1 devices can ping VLan-11 devices and copy files back and forth.
I have a theory, to fix this internet problem since Ethernet Port#1 on the Fortigate Firewall is already assigned to the Internal Interface and that same port is already connected to port #2 on a VLan-1. Could "Tagging" VLan-11 on the same port (Port#2 on data switch) enable internet on VLan-11 as well? From-Corp-Server-Vlan-to-Wan1_edited.doc 1stpage_Public.pdf