Fortigate Units And Vlans; Vlans In Nat/Route Mode - Fortinet FortiGate FortiGate-1000 Administration Manual

System network

FortiGate units and VLANs

VLANs in NAT/Route mode

FortiGate-1000 Administration Guide
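Figure 14: Basic VLAN topology (figure labels: Internet, untagged packets, firewall or router, VLAN trunk, VLAN switch or router, VLAN 1 network, VLAN 2 network)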
In a typical VLAN configuration, 802.1Q-compliant VLAN layer-2 switches or layer-3
routers or firewalls add VLAN tags to packets. Packets passing between devices in
the same VLAN can be handled by layer-2 switches. Packets passing between
devices in different VLANs must be handled by a layer-3 device such as a router,
firewall, or layer-3 switch.

Using VLANs, a single FortiGate unit can provide security services and control
connections between multiple security domains. Traffic from each security domain is
given a different VLAN ID. The FortiGate unit can recognize VLAN IDs and apply
security policies to secure network and IPSec VPN traffic between security domains.
The FortiGate unit can also apply authentication, protection profiles, and other firewall
policy features for network and VPN traffic that is allowed to pass between security
domains.

Operating in NAT/Route mode, the FortiGate unit functions as a layer-3 device to
control the flow of packets between VLANs. The FortiGate unit can also remove VLAN
tags from incoming VLAN packets and forward untagged packets to other networks,
such as the Internet.
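
The tag handling described above, as an added example that is not part of the original manual and is not FortiGate code: it reads the 802.1Q tag from an Ethernet frame, maps the VLAN ID to a security domain, and strips the tag for forwarding to an untagged network. The domain names, function names and the sample frame are assumptions constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Hypothetical VLAN-ID-to-security-domain table (names are assumptions).
SECURITY_DOMAINS = {1: "vlan1-network", 2: "vlan2-network"}


def parse_vlan(frame: bytes):
    """Return (vlan_id, priority, ethertype); vlan_id is None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, inner_type  # 12-bit VID, 3-bit priority


def strip_vlan(frame: bytes) -> bytes:
    """Remove the 4-byte tag so the frame can leave on an untagged network."""
    vlan_id, _, _ = parse_vlan(frame)
    return frame if vlan_id is None else frame[:12] + frame[16:]


def security_domain(frame: bytes):
    """Map a tagged frame to its domain; None means no matching domain."""
    vlan_id, _, _ = parse_vlan(frame)
    return SECURITY_DOMAINS.get(vlan_id)


def build_tagged(dst: bytes, src: bytes, vlan_id: int, payload: bytes,
                 priority: int = 0, ethertype: int = 0x0800) -> bytes:
    """Construct a sample tagged frame (test input only)."""
    if not 0 <= vlan_id <= 0x0FFF:
        raise ValueError("VLAN ID must fit in 12 bits")
    tci = (priority << 13) | vlan_id
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


# Constructed sample: a frame tagged for VLAN 2 carrying a dummy IPv4 payload.
SAMPLE = build_tagged(b"\x02\x00\x00\x00\x00\x01", b"\x02\x00\x00\x00\x00\x02",
                      vlan_id=2, payload=b"\x45" + b"\x00" * 19)

if __name__ == "__main__":
    print(parse_vlan(SAMPLE), security_domain(SAMPLE))
    print(parse_vlan(strip_vlan(SAMPLE)))
```

A frame whose VLAN ID is not in the table, or that carries no tag at all, maps to no domain, which is the case a policy lookup has to treat explicitly rather than fall through.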
01-28006-0009-20041105
