Vlans In Transparent Mode - Fortinet FortiWiFi FortiWiFi-60 Administration Manual

System network

VLANs in Transparent mode

FortiWiFi-60 Administration Guide
To add firewall policies for VLAN subinterfaces
Once you have added VLAN subinterfaces, you can add firewall policies for
connections between VLAN subinterfaces or from a VLAN subinterface to a physical
interface.
1. Go to Firewall > Address.
2. Select Create New to add firewall addresses that match the source and destination IP
addresses of VLAN packets.
See "Address" on page 204.
3. Go to Firewall > Policy.
4. Add firewall policies as required.
In Transparent mode, the FortiWiFi unit can apply firewall policies and services, such
as authentication, protection profiles, and other firewall features, to traffic on an IEEE
802.1 VLAN trunk. You can insert the FortiWiFi unit operating in Transparent mode
into the trunk without making changes to your network. In a typical configuration, the
FortiWiFi internal interface accepts VLAN packets on a VLAN trunk from a VLAN
switch or router connected to internal VLANs. The FortiWiFi external interface
forwards tagged packets through the trunk to an external VLAN switch or router which
could be connected to the Internet. The FortiWiFi unit can be configured to apply
different policies for traffic on each VLAN in the trunk.
For VLAN traffic to pass between the FortiWiFi internal and external
interfaces, add a VLAN subinterface to the internal interface and another
VLAN subinterface to the external interface. If these VLAN subinterfaces have the
same VLAN IDs, the FortiWiFi unit applies firewall policies to the traffic on this VLAN.
If these VLAN subinterfaces have different VLAN IDs, or if you add more than two
VLAN subinterfaces, you can also use firewall policies to control connections between
VLANs.
If your network uses IEEE 802.1 VLAN tags to segment network traffic, you can
configure a FortiWiFi unit operating in Transparent mode to provide security for
network traffic passing between different VLANs. To support VLAN traffic in
Transparent mode, you add virtual domains to the FortiWiFi unit configuration. A
virtual domain consists of two or more VLAN subinterfaces or zones. In a virtual
domain, a zone can contain one or more VLAN subinterfaces.
When the FortiWiFi unit receives a VLAN tagged packet at an interface, the packet is
directed to the VLAN subinterface with matching VLAN ID. The VLAN subinterface
removes the VLAN tag and assigns a destination interface to the packet based on its
destination MAC address. The firewall policies for this source and destination VLAN
subinterface pair are applied to the packet. If the packet is accepted by the firewall,
the FortiWiFi unit forwards the packet to the destination VLAN subinterface. The
destination VLAN ID is added to the packet by the FortiWiFi unit and the packet is sent
to the VLAN trunk.
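
The packet handling described above, modeled as an added Python example (not part of the Fortinet guide or the FortiWiFi firmware). Subinterface names, MAC addresses, VLAN IDs, and the drop-on-no-match behaviour are constructed assumptions.

```python
import struct

TPID = 0x8100  # 802.1Q tag protocol identifier

# Constructed model: (physical port, VLAN ID) -> VLAN subinterface name
SUBIFS = {("internal", 100): "vlan100_int", ("external", 100): "vlan100_ext",
          ("external", 200): "vlan200_ext"}
SUBIF_TAG = {name: key for key, name in SUBIFS.items()}
# Constructed MAC table: destination MAC -> destination subinterface
MAC_TABLE = {bytes.fromhex("020000000002"): "vlan100_ext",
             bytes.fromhex("020000000003"): "vlan200_ext"}
# Policies keyed by (source subinterface, destination subinterface)
POLICIES = {("vlan100_int", "vlan100_ext"): "accept"}

def parse_tagged(frame):
    """Split an 802.1Q frame into (dst, src, vlan_id, inner ethertype + payload)."""
    if len(frame) < 18:
        raise ValueError("frame too short for an 802.1Q header")
    dst, src = frame[:6], frame[6:12]
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID:
        raise ValueError("frame is not VLAN tagged")
    return dst, src, tci & 0x0FFF, frame[16:]

def forward(port, frame):
    """Return (egress port, re-tagged frame), or None when the frame is dropped."""
    dst, src, vid, rest = parse_tagged(frame)
    src_if = SUBIFS.get((port, vid))         # subinterface with matching VLAN ID
    dst_if = MAC_TABLE.get(dst)              # destination chosen by destination MAC
    if src_if is None or dst_if is None:
        return None                          # assumption: unknown VLAN or MAC is dropped
    if POLICIES.get((src_if, dst_if)) != "accept":
        return None                          # assumption: no matching policy means deny
    out_port, out_vid = SUBIF_TAG[dst_if]
    tag = struct.pack("!HH", TPID, out_vid)  # destination VLAN ID added on egress
    return out_port, dst + src + tag + rest

def make_frame(dst_hex, src_hex, vid, payload=b"\x08\x00" + b"\x00" * 46):
    """Build a constructed tagged frame for the demo."""
    return (bytes.fromhex(dst_hex) + bytes.fromhex(src_hex)
            + struct.pack("!HH", TPID, vid) + payload)

if __name__ == "__main__":
    ok = forward("internal", make_frame("020000000002", "020000000001", 100))
    print("same VLAN, policy present:", ok[0], parse_tagged(ok[1])[2])
    print("VLAN 100 -> 200, no policy:",
          forward("internal", make_frame("020000000003", "020000000001", 100)))
```

Adding a policy for the pair ("vlan100_int", "vlan200_ext") lets the second frame through with its tag rewritten to VLAN 200, which is the inter-VLAN case the text describes.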