Network configuration Virtual domains in Transparent mode
FortiGate-4000 Installation and Configuration Guide 157
6 Select OK to save your changes.
You can also use the procedure “Adding VLAN subinterfaces” on page 152 to add a
VLAN subinterface to a zone if you are adding new VLAN subinterfaces to a virtual
domain to which you have already added zones.
Adding firewall policies for virtual domains
Once the network configuration for the virtual domain is complete, you must create
firewall policies for the virtual domain to allow packets to flow through the firewall
between VLAN subinterfaces.
• Adding addresses for virtual domains
• Adding firewall policies for virtual domains
Adding addresses for virtual domains
Before you can create firewall policies for a virtual domain, you must add source and
destination addresses for the VLAN subinterfaces and zones added to the virtual
domain.
1 Go to Firewall > Address.
2 Select the VLAN subinterface or zone to which to add the address.
3 Select New to add a new address.
4 Enter an Address Name to identify the address.
5 Enter the IP Address.
6 Enter the NetMask.
7 Select OK to add the address.
Adding firewall policies for virtual domains
Add Firewall policies to control connections and traffic between FortiGate VLAN
subinterfaces and zones in a virtual domain.
1 Go to Firewall > Policy.
2 Select the Virtual Domain to which you want to add the policy.
3 Select a source VLAN subinterface or zone.
4 Select a destination VLAN subinterface or zone.
VLAN subinterfaces or zones only appear in the source and destination lists if they
have been added to the selected virtual domain and if you have added firewall
addresses for them.
The source and destination cannot be the same VLAN subinterface or zone.
5 Select New to add a new policy.
6 Configure the policy.
7 Select OK to add the policy.