VLANs in Transparent mode
System Network
FortiGate Version 4.0 Administration Guide
156
01-400-89802-20090424
Rules for VLAN IDs
In Transparent mode, two VLAN subinterfaces added to the same physical interface
cannot have the same VLAN ID. However, you can add two or more VLAN subinterfaces
with the same VLAN IDs to different physical interfaces. There is no internal connection or
link between two VLAN subinterfaces with the same VLAN ID. Their relationship is the
same as the relationship between any two FortiGate network interfaces.
Transparent mode virtual domains and VLANs
VLAN subinterfaces are added to and associated with virtual domains. By default the
FortiGate configuration includes one virtual domain, named root, and you can add as
many VLAN subinterfaces as you require to this virtual domain.
You can add more virtual domains if you want to separate groups of VLAN subinterfaces
into virtual domains. For information on adding and configuring virtual domains, see
“Using virtual domains” on page 103
Adding a VLAN subinterface in Transparent mode
To add a VLAN subinterface
1
Go to
System > Network > Interface
.
2
Select
Create New
.
3
Enter a
Name
to identify the VLAN subinterface.
4
Select the physical interface that receives the VLAN packets intended for this VLAN
subinterface.
5
Enter the
VLAN ID
that matches the VLAN ID of the packets to be received by this
VLAN subinterface.
6
Select which virtual domain to add this VLAN subinterface to.
“Using virtual domains” on page 103
for information about virtual domains.
7
Configure the administrative access, and log settings.
“Interface settings” on page 123
for more descriptions of these settings.
8
Select
OK
.
The FortiGate unit adds the new subinterface to the interface that you selected in
step
.
9
Select
Bring up
to activate the VLAN subinterface.
To add firewall policies for a VLAN subinterface
After you add a VLAN subinterface, you can add firewall policies for connections between
VLAN subinterfaces or from a VLAN subinterface to a physical interface.
1
Go to
Firewall > Address
.
Note:
There is a maximum of 255 VLANs allowed per interface in Transparent mode.
Note:
A VLAN must not have the same name as a virtual domain or zone.
Содержание Gate 60D
Страница 678: ...Reports Log Report FortiGate Version 4 0 Administration Guide 678 01 400 89802 20090424 http docs fortinet com Feedback...
Страница 704: ...Index FortiGate Version 4 0 Administration Guide 704 01 400 89802 20090424 http docs fortinet com Feedback...
Страница 705: ...www fortinet com...
Страница 706: ...www fortinet com...