Fortiwifi Units And Vlans; Vlans In Nat/Route Mode - Fortinet FortiWiFi FortiWiFi-60 Administration Manual


VLANs in NAT/Route mode

FortiWiFi units and VLANs

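[Figure 16: Basic VLAN topology. Diagram labels: Internet, untagged packets, firewall or router, VLAN trunk, VLAN switch or router, VLAN 1 network, VLAN 2 network.]
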
In a typical VLAN configuration, 802.1Q-compliant VLAN layer 2 switches or layer 3
routers or firewalls add VLAN tags to packets. Packets passing between devices in
the same VLAN can be handled by layer 2 switches. Packets passing between
devices in different VLANs must be handled by a layer 3 device such as a router,
firewall, or layer 3 switch.

Using VLANs, a single FortiWiFi unit can provide security services and control
connections between multiple security domains. Traffic from each security domain is
given a different VLAN ID. The FortiWiFi unit can recognize VLAN IDs and apply
security policies to secure network and IPSec VPN traffic between security domains.
The FortiWiFi unit can also apply authentication, protection profiles, and other firewall
policy features for network and VPN traffic that is allowed to pass between security
domains.

Operating in NAT/Route mode, the FortiWiFi unit functions as a layer 3 device to
control the flow of packets between VLANs. The FortiWiFi unit can also remove VLAN
tags from incoming VLAN packets and forward untagged packets to other networks,
such as the Internet.
01-28006-0014-20041105
Fortinet Inc.
