How to setup VLAN on FortiGate Firewall and Cisco Switch

Captions
Hello friend, welcome to my video. This video describes the steps to create VLANs on a FortiGate firewall and a Cisco switch. In this model I divide the network into 2 VLANs: VLAN 10 and VLAN 20. The 2 VLANs, 10 and 20, have been configured with subinterfaces on Port 2 of the FortiGate, to be divided among departments. Clients of VLAN 10 and 20 use dynamic IP, so we also configure DHCP scopes to serve the clients. Port 1 is connected to the Internet.

Go to System -> Network, select 'Create New' and then 'Interface'. Create the VLAN interface for VLAN ID 10 and enable DHCP Server. Give a name to the VLAN interface. Choose the physical interface on which to attach the VLAN; here it is port 2. Select 'Type' as VLAN. Give the desired VLAN ID; here it is 10. Configure the DHCP scope to provide IP addresses to clients. Go to System -> Network, expand the physical port, and the VLAN will be displayed.

The configuration for VLAN 20 is similar. Go to System -> Network, select 'Create New' and then 'Interface'. Create the VLAN interface for VLAN ID 20 and enable DHCP Server; here the VLAN ID is 20. Configure the DHCP scope to provide IP addresses to clients. Go to System -> Network, expand the physical port, and the VLAN will be displayed.

Configure the default route at Static Routes. Set the Destination IP and Mask to 0.0.0.0 and 0.0.0.0, the Device to the Internet-facing interface, and the Gateway to the IP address of the ISP's router.

Create a policy that allows the VLANs to access the Internet. To configure the firewall policy for VLAN ID 10, go to Policy and Objects -> Firewall Policy and select 'Create New'. Give a name for the policy. Set the Incoming Interface to vlan 10 and the Outgoing Interface to the Internet-facing interface (Incoming Interface: vlan 10, Outgoing Interface: wan1). Set Source, Destination Address, Schedule, and Services to all. Make sure the Action is set to ACCEPT. Turn on NAT and make sure Use Outgoing Interface Address is selected.

Configure the firewall policy for VLAN ID 20 in the same way. Give a name for the policy. Set the Incoming Interface to vlan 20 and the Outgoing Interface to the Internet-facing interface (Incoming Interface: vlan 20, Outgoing Interface: wan1). Set Source, Destination Address, Schedule, and Services to ALL. Make sure the Action is set to ACCEPT. Turn on NAT and make sure Use Outgoing Interface Address is selected.

In this section, configure VLAN 10 and VLAN 20 on the Cisco switches with the corresponding ports.

In Switch Core:

    configure terminal
    interface 0/0
    switchport trunk encapsulation dot1q
    switchport mode trunk
    switchport trunk allowed vlan 10,20
    exit
    interface 0/2
    switchport trunk encapsulation dot1q
    switchport mode trunk
    switchport trunk allowed vlan 10

In Switch Access 1:

    interface 0/0
    switchport trunk encapsulation dot1q
    switchport mode trunk
    switchport trunk allowed vlan 10
    interface 0/3
    switchport mode access
    switchport access vlan 10

You can now browse the Internet using a computer connected to VLAN 10.

You configure the same with VLAN 20.

In Switch Core:

    configure terminal
    interface 0/3
    switchport trunk encapsulation dot1q
    switchport mode trunk
    switchport trunk allowed vlan 20
    exit

In Switch Access 2:

    configure terminal
    interface 0/0
    switchport trunk encapsulation dot1q
    switchport mode trunk
    switchport trunk allowed vlan 20
    exit
    interface 0/3
    switchport mode access
    switchport access vlan 20
    exit

You can now browse the Internet using a computer connected to VLAN 20.

Next, create a policy that allows the VLANs to communicate with each other. For VLANs to communicate with each other, corresponding 2-way policies must be created. Go to Policy and Objects -> Firewall Policy and select 'Create New'.

Give a name for the policy. Set the Incoming Interface to vlan 10 and the Outgoing Interface to vlan 20 (Incoming Interface: vlan 10, Outgoing Interface: vlan 20). Set Source, Destination Address, Schedule, and Services to all. Make sure the Action is set to ACCEPT. Turn off NAT.

Give a name for the policy. Set the Incoming Interface to vlan 20 and the Outgoing Interface to vlan 10 (Incoming Interface: vlan 20, Outgoing Interface: vlan 10). Set Source, Destination Address, Schedule, and Services to all. Make sure the Action is set to ACCEPT. Turn off NAT.

Now, computers belonging to 2 different VLANs can communicate with each other and browse the Internet. I hope this video helped you create VLANs on a FortiGate and Cisco switch. As always, if you found this post useful, subscribe to my YouTube channel.
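An added example, not part of the video or of any Fortinet tooling: a Python check over a FortiOS-style `config firewall policy` excerpt that lists the VLAN-to-VLAN policies accepting every source, destination and service, which is how the inter-VLAN policies above are configured. The excerpt, the interface names and the `vlan10-printer` address object are constructed for illustration.

```python
import re

# Constructed FortiOS-style excerpt (not from the video); all names are assumptions.
SAMPLE = """
config firewall policy
    edit 1
        set srcintf "vlan10"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set service "ALL"
    next
    edit 2
        set srcintf "vlan10"
        set dstintf "vlan20"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set service "ALL"
    next
    edit 3
        set srcintf "vlan20"
        set dstintf "vlan10"
        set srcaddr "all"
        set dstaddr "vlan10-printer"
        set action accept
        set service "HTTPS"
    next
end
"""

def parse_policies(text):
    """Return {policy_id: {field: [lower-cased values]}} from edit/set blocks."""
    policies, current = {}, None
    for line in text.splitlines():
        words = re.findall(r'"[^"]*"|\S+', line)  # keep quoted names whole
        if words[:1] == ["edit"] and len(words) > 1:
            current = policies.setdefault(int(words[1]), {})
        elif words[:1] == ["set"] and current is not None and len(words) > 2:
            current[words[1]] = [w.strip('"').lower() for w in words[2:]]
    return policies

def open_inter_vlan(policies, vlan_ifaces):
    """IDs of accept policies between VLAN interfaces with all/all/ALL."""
    return sorted(pid for pid, p in policies.items()
        if p.get("action") == ["accept"]
        and {*p.get("srcintf", "?"), *p.get("dstintf", "?")} <= vlan_ifaces
        and all(p.get(k) == ["all"] for k in ("srcaddr", "dstaddr", "service")))
```

With the constructed excerpt, `open_inter_vlan(parse_policies(SAMPLE), {"vlan10", "vlan20"})` reports policy 2 only: policy 1 leaves toward `wan1`, and policy 3 is limited to one address object and one service.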
Info
Channel: NETVN
Views: 17,873
Keywords: netvn, cisco, fortinet firewall, fortinet firewall tutorial, fortigate firewall configuration step by step, fortigate, fortigate firewall, setup vlan fortigate, configure vlan, configure vlan cisco switch, configure vlans and trunking, interface vlan configuration, interface vlan fortigate, VLAN tagged interface (802.1q) on a FortiGate, vlan tag fortinet, internetwork training, fortigate firewall training, fortigate vlan, fortigate virtual lan, how to
Id: j_lZI_m6sgU
Length: 12min 19sec (739 seconds)
Published: Tue Jul 20 2021