System Network
VLANs in NAT/Route mode
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424
153
Figure 76: FortiGate unit in NAT/Route mode
Adding VLAN subinterfaces
The VLAN ID of each VLAN subinterface must match the VLAN ID added by the IEEE
802.1Q-compliant router. The VLAN ID can be any number between 1 and 4094, as 0 and
4095 are reserved. Each VLAN subinterface must also be configured with its own IP
address and netmask.
VLAN subinterfaces to the physical interface that receives VLAN-tagged packets.
To add a VLAN subinterface in NAT/Route mode
1
Go to
System > Network > Interface
.
2
Select
Create New
.
3
Enter a
Name
to identify the VLAN subinterface.
4
Select the physical interface that receives the VLAN packets intended for this VLAN
subinterface.
5
Enter the
VLAN ID
that matches the VLAN ID of the packets to be received by this
VLAN subinterface.
6
If you are an administrator with a super-admin profile, you can create VLAN
subinterfaces for any virtual domain. If not, you can only create VLAN subinterfaces in
your own VDOM.
“Using virtual domains” on page 103
for information about virtual domains.
7
Configure the VLAN subinterface settings.
“Interface settings” on page 123
.
VLAN 100
VLAN 200
Fa 0/9
Fa 0/3
Fa 0/24
802.1Q
trunk
FortiGate unit
External 172.16.21.2
Internal 192.168.110.126
Untagged packets
Internet
VLAN switch
VLAN 100 network
10.1.1.0
VLAN 200 network
10.1.2.0
Note:
A VLAN must not have the same name as a virtual domain or zone.
Summary of Contents for Gate 60D
Page 705: ...www fortinet com...
Page 706: ...www fortinet com...